retaining a session across redirect - a retooling of yesterday's question..

okay, so i have verified a few things about my components. mainly,
that if i set a value for a session variable on initialization of the
component, the value sticks, so this is not the problem..

the problem lies in the way i have to authenticate via facebook.

here's how the authentication works:

1. facebook loads my app via an iframe.
2. if the user has not authorized my app, i redirect to facebok's
   oauth page.
3. if the user authorized the app, facebook forwards the user to the
   url i provide in the redirect. when it does this, it sends a POST
   with my oauthToken.

here's how i am doing this...

in SBMain's renderConententOn method, i check the session for
oauthToken.
if it doesn't exist, i render a method:

renderAuthorizeCheckOn: html
   html
     html:
         '<script>window.top.location.href
        ="https://graph.facebook.com/oauth/authorize?client_id=CLIENT_ID&redirect_uri=http://APP_URL&scope=user_about_me";</script>'

once this has been accepted, i process the POST, and set my session
variables.. then, it continues with the render cycle..

inside the method that sets the session's oauthToken variable, the
values of the session check out i can indeed inspect the session and the
instance var, and it is set.

once the user is redirected back to my app (via the url sent over in
the renderAuthorizeCheckOn method, the app is loaded up again, but
this time, it has no session.

so, i think at this point, i need to figure out how to make sure that
once the app is hit by a user via facebook (and iframe), is redirected
to facebook for authorization, and then redirected back to my app,
that my app uses the same session for the entire interaction.

anyone have any ideas?

> What parameters are available from facebook?  is there a way to add a custom
> token/value/etc to post you get back from facebook?  If so, you can use that
> to look up the correct user session.  Or is there some existing
> facebook-user value you can use for a lookup?

oh! this might be the way to do it.. i would imagine you could add
some params on the end of the url..

i also get a userId back on a successful authorization..

maybe i can set the userId on the session..

then, i could do something like:

SBSession allInstances select [ :session | session userId = 'THE_CORRECT_ID' ]