obtaining and using an infinite sessionKey

Feb 15, 2010 at 5:39 PM

hi,

i am working on a project where we will need to hourly update our database and insert all wallposts made on group pages we are monitoring.

i believe the best way to do this is having 1 user with the offline access permission, that requests all posts of the last hour on those group walls...

and then add them in our database.

we need to do to many operations on those posts that we believe it unfit for calling facebook on every visit.

 

but, i find alot of code (not always very documented or well structured) about the infinite session idea

this one (PHP) is so far the best tutorial i found

only i get stuck near the end, where he calls

$infinite_key_array = $facebook->api_client->auth_getSession($auth_token);

is there anything similar to this in the facebook developer toolkit?

or do i need to follow a totally different procedure to get an infinite session key?

 

if anyone can point me in the right direction i'd be glad to provide extra info if you need it.

best regards

Sander Houttekier

Feb 16, 2010 at 3:40 PM

Getting an infinite session key relies on getting the Facebook cookies updated by the Facebook api after the user grants you the offline_access extended permission.  My experience (see http://bugs.developers.facebook.com/show_bug.cgi?id=6421 ) has been that the cookies do not get updated in a timely and reliable fashion unless I use the new open source javascript client library at http://github.com/facebook/connect-js  

I prompt the user for permissions using javascript, stuff the new infinite session key into a hidden form field, and submit it to the server using an ajax form submit.  I then do an FQL query on the server side to make double-sure that I have the right permission, and prompt the user to re-grant the permission if it didn't "stick".  This method is working for me.

Feb 17, 2010 at 2:16 PM
patja wrote:

Getting an infinite session key relies on getting the Facebook cookies updated by the Facebook api after the user grants you the offline_access extended permission.  My experience (see http://bugs.developers.facebook.com/show_bug.cgi?id=6421 ) has been that the cookies do not get updated in a timely and reliable fashion unless I use the new open source javascript client library at http://github.com/facebook/connect-js  

I prompt the user for permissions using javascript, stuff the new infinite session key into a hidden form field, and submit it to the server using an ajax form submit.  I then do an FQL query on the server side to make double-sure that I have the right permission, and prompt the user to re-grant the permission if it didn't "stick".  This method is working for me.

did you take that new javascript library offline to work with? or did you use the one that is currently online?

i just ask because the test files i'm trying to write work with FB.init(..)

but almost all other functions like getSession, or login, ... fail...  "is not a function"

 

so i was wondering if maybe they changed something in the library but not yet in the documentation (it is after all an alpha... tricky for production environement ...)

Feb 18, 2010 at 3:34 PM

No I'm using the live version from FB's CDN, and I am in production with it

Feb 19, 2010 at 2:19 PM

So that you have another perspective on it, here's what we have working.  We basically have a service that uses Facebook Toolkit to update all of the information on Facebook periodically using saved session keys.  To save off the session keys, we use standard ASP.Net and client-side Facebook controls.  Mixing Facebook Toolkit on both ends is a recipe for disaster because there are limitations on what you can do based on whether your FB application is set to Desktop or Web.  This is not exact, working code but to give you an idea, we use the Facebook controls like so:

<fb:login-button autologoutlink="false" length="long" onlogin="onUpdate();">

Then use that to call some Javascript that prompts the user to connect with Facebook Connect and then grant the necessary permissions.  The javascript looks like this:

function onUpdate() {
grantPermission('offline_access');return false;
window.location.reload(); } function grantPermission(permission) { FB.ensureInit(function() { FB.Connect.requireSession(function() { //check is user already granted for this permission or not FB.Facebook.apiClient.users_hasAppPermission(permission, function(result) { // prompt offline permission if ((result == 0) || (!(result))) { // render the permission dialog FB.Connect.showPermissionDialog(permission, onGrantPermission, true, null); } else { // permission already granted. onGrantPermission(permission); } }); }); }); } function onGrantPermission(result) { if (result == 'offline_access') { window.location = 'AccountDetails.aspx'; } onUpdate(); }


On the server side, we check for the required cookies like this:
Dim keySessionKey As String = String.Format("{0}_session_key", mApiKey)
Dim keyUserId As String = String.Format("{0}_user", mApiKey)
Dim keySessionSecret As String = String.Format("{0}_ss", mApiKey)
Dim keySessionExpires As String = String.Format("{0}_expires", mApiKey)

It all works for us with no issues and we are able to reliably save off the "infinite" session key in the database, then use Facebook Toolkit to update later. There are a lot of gotchas though. Here's a few off the top
of my head.

  • The Facebook client-side stuff and server-side code does not co-exist very well. They're just different models.  It's easier to do everything client-side a lot of the time.  To get them to work as we did above, you'll have to do a lot of trial and error, testing user cookies, making sure you have the right cookie at the right time, etc.
  • You'll get a session key cookie when you log in, but it will not be an "infinite" session key until the user grants the offline_access permission.
  •  If you try to use the Facebook Toolkit Connect API from your website and your app is setup as a desktop app, it will give you all sorts of random errors. It just doesn't work both ways.
  • The API throws a lot of errors.  Make sure you retry messages 2 or 3 times and they'll usually go through eventually.

Hope this helps