Issues with status updates when there is no current user session

Mar 18, 2010 at 11:02 PM

We are developing an application that will allow our admin users to update a specific Facebook user's status without needing access to the account password.

However, we are getting the error "A session key is required for calling this method" when calling api.Status.Set(uid, status) when deployed to our live site.  We have granted share and offline access to the application on this account, and for some reason if I set the Connect url (in the FB app settings) to localhost and run it from my dev box, the status update happens as expected regardless of whether I am logged in with this account, my own personal account, or not logged in at all.

Does anyone have any clue how to accomplish this?

Here is the code we have currently:



connectSession = new Facebook.Session.ConnectSession(ConfigurationManager.AppSettings["ApiKey"], ConfigurationManager.AppSettings["Secret"]);
api = new Facebook.Rest.Api(connectSession);
api.Status.Set(uid, status);



Mar 19, 2010 at 4:07 PM

I don't use Status.Set, but I do use other methods that require offline_access.  You need to save the user's session key and use it when you call the method, for example:  api.Session.SessionKey = users's session key

Mar 19, 2010 at 10:36 PM
Edited Mar 19, 2010 at 10:37 PM

So are you saying all I need to do is add the following line after i create the ConnectSession and API?


api.Session.SessionKey = "mysessionkey";


I connected using the <fb:login-button> control, then read the value of api.Session.SessionKey.  That is the value I will replace with "mysessionkey" (hard-coded).  Will this work?

Mar 20, 2010 at 4:33 PM

I can't say definitively whether it will work or not since I have never used Status.Set.  I use Stream.Publish with the following code before I put together my call to the Stream.Publish method:


                api.Session.UserId = user.UserID;
                api.Session.SessionKey = user.SessionKey;

where I have a user object with the UserID and SessionKey I saved into my database.

You need to be sure the session key you are getting is the infinite, non-expiring session key obtained after getting the offline_access extended permission.  It has a different pattern to it, something along the lines of:  d9024038a6fcef982c7d942a-720447790 where to bit after the hyphen is the userid.  The temporary/expiring session keys are longer, such as 3._DgEbtLYNtdjy2NToujO9Q__.3600.1269043200-681899212 (again, the number after the hyphen is the userid).  You can also get the session expiration date and expires flag to test if you got the infinite session key.

I did have significant trouble obtaining the user's non-expiring "infinite" session key after prompting for the offline_access permissions, but some of those were related to the design approach I took.  I delay prompting for permissions as long as possible and only prompt for the minimum permissions I need, and I wanted to do it in an ajax-y way for a better user experience.  I don't want to scare users away by prompting for things I don't need until I know I need them.  There are at least three or four different ways to prompt for and obtain extended permissions, and some of them are pretty unreliable/buggy, relying on cookies being updated with the new session key.  The only method I found reliable and in keeping with my design approach of delaying permissions prompts as long as possible was the new alpha javascript client library.


Mar 22, 2010 at 3:21 PM

Well, it looks like its working in my local dev box, but I will need to wait until our employees start using the service to see if it is working on the live site.  Thank you for all of your help!