I found a solution to this problem.
IE 6/7/8 doesn't set the HTTP_REFERER when a window.open() is used. MySpace appears to require that this is set. The work-around for this is to make sure that IE has the HTTP_REFERER set.
How I got this to work is that I use an intermediate popup page. If HTTP_REFERER is set, I just direct the user straight to the intended MySpace authorize page. If it isn't set you output a link to the page for the user to click. Once they click this link the HTTP_REFERER header will be set. Even better, IE lets you use JavaScript to "click" links in IE. So you can output a blank page with a hidden link set and then use JavaScript to call the click() method of that element.
document.getElementById("myspace_link").click();
This is my full solution:
<?php
...
if (isset($_SERVER['HTTP_REFERER']))
{
header('Location: ' . $clean['url']);
}
...
<body>
<div style="display:none;" id="container">
<a id="myspace_link" href="<?php echo $clean['url']; ?>">Login</a> to MySpace
</div>
<script type="text/javascript">
<!--
var myspace_link = document.getElementById("myspace_link");
if (myspace_link.click)
{
myspace_link.click();
}
else
{
document.getElementById("container").style.display = "block";
}
-->
</script>
This solution should work for all major browsers and not have to have the user do anything. If for some reason click() method no longer works, the link will be displayed to the user to physically click (worst case scenario which really shouldn't happen).