Installed, no errors but not working? (fixed!)

Bas,
I can definitely see that logging in isn't working. There's nothing immediately out of the ordinary from the front end that we can see. However, the credentials you sent aren't giving me access to the admin area. If you can double check that I'm a Super Admin, that'd be great.

Thanks!

Bas,
Well, congratulations, I guess. You've run into an issue that we've never encountered, and are a little stumped right now. I'm not sure how technical you are, but I'll explain the issue, and hopefully, it may ring a bell for you. Basically, Facebook sets a cookie in the user's browser which your site (and JFBConnect) use to tell that the person has been validated by Facebook. This happens normally after the user hits the blue button.

If you look at the cookies stored in your browser after doing this (we use the "Developer Tools" add-on for Firefox which shows this stuff very easily), the cookie is there. However, when our PHP script tries to read this cookie to validate the user, it's missing.

I can't say I'm completely sure why this is happening. I've checked your PHP configuration, and everything seems good there. You don't have any security settings (that I'm aware of) that would prevent the cookie from being read. However, something is obviously preventing it.

Have you managed to get JFBConnect to work on another site? Is that site on the same host as the one you sent me? Does the above 'missing cookie' information ring any bells that you might be able to tell me about to help diagnose this further?

Some things we've tried:
* Using a different Facebook Application ID/Secret key (Ensures that it's not something mis-configured in your application)
* Checking the Cookie variable in a PHP script not related to Joomla (Ensures that some other component/Joomla setting isn't destroying the cookie before we can see it)
* Checked your PHP settings against our main server's PHP settings as well as a completely different development host we use for these sorts of things

Nothing's led us to an 'ah ha' moment. We'll keep investigating, but if you know about anything, please let us know!

We're still investigating. It's an extremely strange behavior. Again, we can see the cookie in our browser, correctly. The PHP script on the server just doesn't seem to be able to read that cookie. We'll let you know what we find, but, it may take a little time as we don't know where to start.

Thanks for your patience, and we'll let you know what we find.

Sorry for the delays. We've been doing some research and some tests on your site. The result is that we've likely determined the issue, but will need your hosting provider to help solve it.

Your server is using the SUHOSIN PHP security suite. We use this too, and it's a great set of tools for hardening your site against a wide range of attacks. However, it's configured to encrypt cookies before sending them to the user's browser, and then, of course, decrypting the values that are sent from the user back to your site. Since Facebook is actually setting the cookie for your domain, it has no means of encrypting the cookie properly. Therefore, when your site tries to read the users cookie, it first 'decrypts' it, which actually just scrambles the value.

We've done quite a few tests on your site to set cookies, and see the resulting value. If we do it (through your server), the cookie is gibberish. However, the Facebook cookie is always legible. So we're pretty confident this is the cause.

You may be able to disable the encryption using a .htaccess file and adding the following line:
php_flag suhosin.cookie.encrypt Off

Otherwise, your hosting provider may need to set it up in the vhosts.conf file (if that's how the server works). Either way, they should know best, but let them know the setting name of "suhosin.cookie.encrypt".

Good luck, and definitely let us know your results. This is a new issue to us, and we're curious how it will work out.