«
»

Infinite Session Keys

Note to self: Infinite session keys are specific to individual Facebook applications, so when developing multiple Facebook apps you need one infinite session key per app.

Also, the infinite session key you are using goes away if that user uninstalls the app. The user is usually you, and you’re likely to run into this problem when you are adding and removing the app to test that behavior, then all of a sudden your app is broken for everyone.

I solve this situation by dynamically reassigning the infinite session key to the current user’s session key (if fb_sig_expires==0) when the default infinite session key is invalid. Eventually I will see the log entry and use the new session key. No failures occur on the user side.

So why use infinite session keys at all? Not all Facebook REST calls are in direct response to a webapp request. E.g. periodically and asynchronous updates. To make these calls, a valid session key must be provided but there is no webapp request with an associated Facebook session to refer back to.

Advertisements

This entry was posted on November 21, 2007 at 12:32 am and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

%d bloggers like this: