(I’m fairly certain the answer to this question is quite simply “no” but I figured I’d ask in case anybody here has found a clever solution/workaround in the past.)
Using the PHP code provided as an example for simple Facebook development, one can see how it reads in the cookie to get the necessary values to place in the JavaScript code. Values like uid and access_token are necessary to plug into the JavaScript to access, say, the user’s social graph. The cookie is read server-side, and then ideally as much of the Facebook access as possible is done client-side (ajax calls to the graph, etc.).
But is there a way to do even the cookie access client-side?
I understand that:
- The cookie is sent to the server anyway, so this doesn’t save anything more than a very small amount of server-side processing.
- The “application secret” must not be made available in any client-side code. (Which is why I think the answer is simply “no.”)
- There may very well be no good reason to do this and a handful of good reasons not to do it.
This is more of a curiosity (being new to Facebook development and hardly an expert in JavaScript development) than an immediate business need. We have no plans to move the cookie parsing to client-side code, I’m just wondering if it’s even possible and/or if anybody has done it before.
Advertisement
Answer
You can access cookie information in javascript using document.cookie, but you will only be able to read the cookies that are on the same domain that the script is being run. For example, if my website www.xyz.com includes an iframe to facebook, when I call document.cookie I will only see xyz.com’s cookies not facebook.com.