How to get infinite session key immediately after granting offline_access?

Oct 30, 2009 at 4:04 PM

My app is an iframe-based MVC app using the latest 3.0 library.

On one of my Views I'm prompting the user for offline_access permissions using JavaScript, collecting some other app preference settings, and then saving their session key, session secret, and app preferences.  They come into my preference setting View with the regular expiring session key, but when they submit the form to save their preferences they have successfully granted offline_access permissions, generating a new non-expiring session key and session secret.

The problem is I'm not getting the new non-expiring (aka infinite) session key & secret when the form is posted to my controller.  If I refresh the page a few times it does pick up the new session key.

Observing the Net panel in Firebug, I see a GET to http://www.facebook.com/extern/login_status.php occurs right after the user grants offline_access, and in the response I see the new non-expiring session key...so I have some hope at least that I can tap into this info in my Controller.  The cookies aren't getting updated with this new information however, at least not right away.  Again, after a few page refreshes they catch up...but I need the new session key right away.

In my controller I am doing:

var api = this.GetApi();
var userid = api.Session.UserId;
var key = api.Session.SessionKey;

Is there some way using the FDT library to tap into the updated session key immediately, perhaps taking advantage of the http://www.facebook.com/extern/login_status.php ?  I don't know if the FDT api provides some way to initiate a call to login_status.php and obtain the fresh session key & secret.

I've also observed under the debugger the call to my xd_receiver after the user grants offline_access in hopes of obtaining the new session key there, but again it is referencing the old expiring session key.

I don't have these problems if I enter my View after decorating my controller with RequiredPermissions="offline_access", forcing the user to grant offline_access prior to even seeing the preference settings view, but I don't really like this user experience.  I much prefer the lightbox prompt for offline_access I get from initiating the permissions request from JavaScript; the user has more context for understanding why they are being asked for offline_access, and the lightbox is much more elegant than the full width page prompt for offline_access that you get by setting RequiredPermissions="offline_access".

All of this may (or may not) be related to Facebook bug 6421 http://bugs.developers.facebook.com/show_bug.cgi?id=6421

Any help is much appreciated!