Session Key Invalid or no longer valid

Mar 23, 2010 at 8:03 PM
Edited Mar 23, 2010 at 8:27 PM
I realize that this has been discussed before. However, I haven't been able to find a solution that works. The code that I'm using is pretty much the same as shown in the FB connect example download. When initially going to the page everything works and I can log in, request permission, etc. However, when I go to Facebook and log out of my account, then return to my application. I get the 'Session Key Invalid or no longer valid'. Can somebody point me in the right direction to finding a solution to this problem? When I check for the sessionid being null and then redirect to the main page, it basically gets stuck in a loop.

private string ApplicationKey = ConfigurationManager.AppSettings.Get("APIKey");
private string SecretKey = ConfigurationManager.AppSettings.Get("Secret");
private Api _facebookAPI;
private ConnectSession _connectSession;

protected void Page_Load(object sender, EventArgs e)

#region Facebook Stuff
//Connect Authenticate
// Authenticated, created session and API object

_connectSession = new ConnectSession(ApplicationKey , SecretKey );

if (!_connectSession.IsConnected())

// Not authenticated, proceed as usual.
fbStatus.Text = "Please sign-in with Facebook.";

fbSession.Text = _connectSession.SessionKey.ToString();

// Authenticated, create API instance
_facebookAPI = new Api(_connectSession);

// Load user
Facebook.Schema.user user = _facebookAPI.Users.GetInfo();

if (!Page.IsPostBack)
// Display the user’s name
fbStatus.Text = string.Format("Signed in as {0} {1}", user.first_name, user.last_name);
//Display user's image
fbImage.ImageUrl = _facebookAPI.Users.GetInfo().pic_square.ToString();

fbUID.Text = _facebookAPI.Users.GetInfo().uid.ToString();

#region friends
//Display Friends
IList<Facebook.Schema.user> friends = _facebookAPI.Friends.GetUserObjects();
foreach (Facebook.Schema.user u in friends)
fbFriends.Items.Add(u.uid + " " +;


if (!Page.IsPostBack)
// Set section visibility
UpdatePanel1.Visible = true;



Mar 24, 2010 at 3:33 AM

Well here's what I do.

I've got a class called MyBasePage which Inherits Page (ie:


Public Class MyBasePage
    Inherits Page



Public Class MyBasePage

    Inherits Page

End Class

Within this class I have a Page_Init which runs something like:


If Not IsPostBack Then
Dim fakePage As New Page
        If FacebookAPI(fakePage) Is Nothing Then
            FacebookConnectSession(fakePage) = New ConnectSession(AppSettings("APIKey"), AppSettings("Secret"))

            If FacebookConnectSession(fakePage).IsConnected Then
                FacebookAPI(fakePage) = New Api(FacebookConnectSession(fakePage))
                FacebookUser(fakePage) = FacebookAPI(fakePage).Users.GetInfo()
                UserInfo_FacebookUserID(fakePage) = FacebookUser(fakePage).uid
                Response.Redirect("LoginConnect.aspx?Redirect=" & Request.RawUrl)
            End If
            'Check to see if the session key has expired
                Dim bHasPermission As String = FacebookAPI(fakePage).Users.GetInfo.uid.ToString
            Catch ex As Exception
                FacebookAPI(fakePage) = Nothing
                Response.Redirect("LoginConnect.aspx?Redirect=" & Request.RawUrl)
            End Try
        End If
End If

I've got some session variables in there.. so that might confuse you.  But the main thing is to see that I'm just trying to get the userID.  If there's an error, that means the session is done and it clears my facebook session variable and redirects to the logon page.  And at the top of the code of every page I refer to this MyBasePage like:



Partial Class _Default
    Inherits MyBasePage




Hope that helps a little..


Mar 25, 2010 at 7:17 AM

thanks.  great post...i will try this out soon.  

I was wondering if you guys also do client side checks for valid session?  Is it basically the same thing?  



Dec 9, 2010 at 1:10 PM


nmhuey I was facing the same as urs so have you resolved your issue if so can you help me out. Iam using Facebook.dll version So I want to display the username. But in between this issue comes up and could not find any solution can you help me out.
Dec 9, 2010 at 4:15 PM

The only workaround I've found is to get the session key on the client using the javascript client library.

This SDK relies on the cookies for the session key, and in my experience the cookies are not always updated in a timely fashion with the new session key.