Facebook authentication issue

I'm getting a bit pissed off with Facebook's platform constantly changing, fragile structure, and lack of decent and up-to-date documentation.

Currently, I'm migrating an app from FBML now that it's deprecated to an iFrame app, and having issues authenticating. Currently, I have a global bootstrap script that is loaded upon each page view that contains the following pertaining to authentication:

// attempt to authenticate against Facebook platform
require dirname(__FILE__) . '/facebook.php';

$facebook = new Facebook(array(
    'appId'  => APP_ID,
    'secret' => SECRET,
    'cookie' => true
));

$session = $facebook->getSession();

$user = null;
if ($session) {
    try {
        $uid = $facebook->getUser();
        $user = $facebook->api('/me');
    }
    catch (FacebookApiException $e) {
        error_log($e);
    }
}

if (!$user) {
    $loginUrl = $facebook->getLoginUrl(array(
        'req_perms' => 'email,user_likes',
        'next' => CANVAS_URL.'/'
    ));
    echo '<script>top.location.href="'.$loginUrl.'";</script>';
    exit;
}

This was put together based on examples in the official Facebook PHP SDK and developer's documentation, but when first loading the app is just goes around in a nasty redirect circle and I have no idea where to start debugging as I've nothing to refer to from Facebook.

Has any one got a working sample of authenticating a Facebook iFrame app, or can see something inherently wrong with the code snippet I have above?

Thanks in advance.

EDIT: Forgot to mention that it goes in a redirect loop with the above code, but if I remove the parameters array from $facebook->getLoginUrl() call then it eventually breaks out of the loop and out of Facebook itself, instead going to my canvas URL outside of Facebook's iFrame container. For example, the URL becomes http://www.woohoobingo.com/facebookv2/?session={...} instead of http://apps.facebook.com/开发者_高级运维woohoobingo/.

Cracked it. Used the following HTTP header at the top of my index.php file:

header('P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"');

This line works for me

header('P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"');

But as you said it is not working in safari because it do not patch it to store cookies then you can use an alternative That turn off cookies

$facebook = new Facebook(array(
    'appId'  => APP_ID,
    'secret' => SECRET,
    'cookie' => false
));

and try to use the access token after authentication @access_token is the oauth access_token that gets passed to your canvas page in the initial POST request.

$facebook->api('/me?access_token='.$access_token);

Hope it works