Note to self: Infinite session keys are specific to individual Facebook applications, so when developing multiple Facebook apps you need one infinite session key per app.
Also, the infinite session key you are using goes away if that user uninstalls the app. That user is usually you, and you’re likely to run into this problem while adding and removing the app to test that behavior: all of a sudden your app is broken for everyone.
I solve this situation by dynamically reassigning the infinite session key to the current user’s session key (if fb_sig_expires==0) when the default infinite session key is invalid. Eventually I will see the log entry and use the new session key. No failures occur on the user side.
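A sketch of that fallback, added here as an illustration and not the code from the app described in this post. The `is_valid` probe and the `fb_sig_session_key` parameter name are assumptions, and the log line records a short fingerprint of each key instead of the key itself, since the key is a credential.

```python
import hashlib
import logging
from typing import Callable, Mapping, Optional

log = logging.getLogger("fb_session")


def fingerprint(key: str) -> str:
    """Short digest so the log identifies a key without exposing the credential."""
    return hashlib.sha256(key.encode()).hexdigest()[:12]


class InfiniteSessionStore:
    """Holds the single infinite session key for one Facebook app."""

    def __init__(self, default_key: str, is_valid: Callable[[str], bool]):
        self.key = default_key
        # Hypothetical probe: returns False when a REST call made with the
        # key is rejected (for example after its user uninstalled the app).
        self._is_valid = is_valid

    def key_for_request(self, params: Mapping[str, str]) -> Optional[str]:
        """Return a usable infinite key, adopting the caller's if needed.

        Assumes `params` come from a request whose Facebook signature was
        already verified; unverified parameters must not reach this method.
        """
        if self.key and self._is_valid(self.key):
            return self.key
        candidate = params.get("fb_sig_session_key")  # assumed parameter name
        # Only a non-expiring session (fb_sig_expires == 0) can replace it.
        if not candidate or str(params.get("fb_sig_expires")) != "0":
            return None
        if not self._is_valid(candidate):
            return None
        log.warning("infinite session key %s invalid; adopted %s",
                    fingerprint(self.key or ""), fingerprint(candidate))
        self.key = candidate
        return candidate
```

Because the store keeps the adopted key, the background jobs that have no webapp request of their own pick it up on their next run.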
So why use infinite session keys at all? Not all Facebook REST calls are made in direct response to a webapp request, e.g. periodic and asynchronous updates. To make these calls, a valid session key must be provided, but there is no webapp request with an associated Facebook session to refer back to.