The scenario is this;
- User registers and allows offline_access permission
- I save the session in the database
- User logs in later through application authentication (not facebook)
- I retrieve the stored infinite session key and apply it to the active session like so;
facebookAPI.Session.SessionKey = offlineAccesSessionKey;
facebookAPI.Session.UserId = (long)fuid;
Now I want to use FBML / FBJS on the client.
So I try this:
facebookAPI.Auth.Session.UserId = (long)fuid;
facebookAPI.Auth.Session.SessionKey = offlineAccesSessionKey;
facebookAPI.Auth.Session.SessionSecret = _facebookAPI.Session.SessionSecret;
But on the client side it's like I have no session at all.
How do I use my offline_access permission to allow client side access?
Am I wrong in thinking the code above should do the trick?
Is there a way to store the necessary cookies?
From the Facebook
This seems to be pretty clearly describe what needs to get done. Now the question is why I can't make this work with Toolkit V3.
A session secret-based session is required for the Facebook
require_login) are not session secret-based. In order to get a session secret-based session, you have two options:
- Explicitly ask for a session secret-based session in
auth.getSession – when first requesting a session, you can ask for a session secret-based session via this API. If you’re using our PHP 5 client library, you can also indicate this in the Facebook object constructor.
- Promote a non-session-secret-based session – the
auth.promoteSession API call can be used to promote an already existing session to a session secret-based session.
you’re not using the Facebook PHP library, please see the article
Verifying The Signature for details on the cookie format and how to ensure that the cookies you’re transferring are secure.