Henry Cipolla

I hate blog taglines.

How to create infinite sessions with the Facebook Platform API

Like all things with the Facebook Platform API, creating infinite sessions is really easy. However, there seems to be a lot of confusion and misinformation on the web about how this works. Part of this could be the fault of Facebook’s documentation. They provide a pretty good explanation of the authentication process, but then the example they suggest (which is otherwise really good) relies on this line:
$facebook->set_user($user, $key);
which calls set_user(), which is not referenced anywhere else that I could find in their documentation.

For some reason, people see all of this and get it into their heads that the way to create an infinite session is to do the following:

  1. Send the user to www.facebook.com/login.php?api_key=key&ver=1.0
  2. Take the value that gets sent to the callback as the auth_token parameter and save it
  3. Call auth.getSession with this value
  4. Expect this to create an infinite session
  5. Instead get back error 100 “Invalid parameter” from the call to auth.getSession
  6. Write about it on the Facebook Developer’s Wiki, open bogus bugs in the Facebook bug database, and post horribly wrong things to Google Groups.

Where does the temptation to call auth.getSession come from and why are people using the auth_token when the documentation and examples clearly say you need to get the user’s session key? I tried looking to see if there was an example or tutorial somewhere that I missed that suggested this but I could not find it.

Either way, this process will yield significantly better results:

  1. Create a page which asks the user to log in. You do this by directing them to the login URL: http://login.facebook.com/login.php?api_key=&v=1.0
  2. Make sure the api_key points to a valid callback page.
  3. In the callback page, get the USER’S SESSION KEY AND SAVE IT. PHP example:
    $key = $facebook->api_client->session_key;
  4. This is your infinite session key for this user. Store this along with their UID.
  5. Whenever you want to become that user, simply call
    $facebook->set_user($uid, $key);
  6. Instant infinite session.
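
An added example, not code from the original post or from Facebook's client library: one way to carry out steps 4 and 5, storing the session key together with the UID. Because a stored session key lets the application act as that user, it is encrypted at rest here; the table name, function names and sample values are assumptions, and PHP 7.2+ with the sodium and pdo_sqlite extensions is assumed.

```php
<?php
// Added example: persist (uid, session_key) pairs captured in the callback page.
// Table and function names are hypothetical, not part of the Facebook library.

function open_store(): PDO {
    $db = new PDO('sqlite::memory:');             // use a real DSN in production
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE fb_sessions (uid TEXT PRIMARY KEY, sealed TEXT NOT NULL)');
    return $db;
}

function save_session(PDO $db, string $encKey, string $uid, string $sessionKey): void {
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box   = sodium_crypto_secretbox($sessionKey, $nonce, $encKey);
    // A repeat login replaces the stored key for that UID.
    $stmt = $db->prepare('INSERT OR REPLACE INTO fb_sessions (uid, sealed) VALUES (?, ?)');
    $stmt->execute([$uid, base64_encode($nonce . $box)]);
}

function load_session(PDO $db, string $encKey, string $uid): ?string {
    $stmt = $db->prepare('SELECT sealed FROM fb_sessions WHERE uid = ?');
    $stmt->execute([$uid]);
    $sealed = $stmt->fetchColumn();
    if ($sealed === false) {
        return null;                              // no session saved for this user
    }
    $raw = base64_decode($sealed, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        return null;                              // row is corrupt or truncated
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box   = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open($box, $nonce, $encKey);
    return $plain === false ? null : $plain;      // false: wrong key or tampered row
}

// Constructed sample values. In the callback page the key comes from
// $facebook->api_client->session_key and the UID from the logged-in user.
$encKey = sodium_crypto_secretbox_keygen();       // load from a secret store in practice
$db = open_store();
save_session($db, $encKey, '1234567', 'constructed-session-key');

$key = load_session($db, $encKey, '1234567');
if ($key !== null) {
    // $facebook->set_user('1234567', $key);      // step 5 from the post
    echo "restored session key for uid 1234567\n";
}
```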

Hopefully some confused people find this and it saves them some time and it keeps the number of bogus bugs in the Facebook database down. :)

There Are 8 Responses So Far.

  1. […] Henry Cipolla wrote an interesting post today on How to create infinite sessions with the Facebook Platform API. Here’s a quick excerpt: Like all things with Facebook Platform API, creating infinite sessions is really easy…. […]

  2. Good stuff!! I’ve been looking for something like this. Some of these are cool too. http://www.newwebplatform.com/tips-and-tutorials/Facebook

  3. Do you have any idea why my callback URL is empty?

    My page redirects to it but displays nothing.

  4. Are you clicking the checkbox to allow the app to save the session when you are doing your login?

    If so you should paste your code here so we can take a look.

    – Henry

  5. That’s not an infinite session key, it will expire. Here’s a how-to that I just finished writing that does the trick:

    http://www.emcro.com/blog/2009/01/facebook-infinite-session-keys-no-more/

  6. Henry - can you link to those “documentation and examples [that] clearly say you need to get the user’s session key”?

  7. Ethan,

    This post is over a year old. When I wrote it this was a relatively new thing but by now I’m sure all the confusion is fixed.

    – Henry

  8. Since you were wondering where this problem comes from, this apparently broken example code provided by Facebook uses auth_getSession and returns an “Invalid parameter” error as you mention. As far as I can tell the example does not work - I’m trying to figure out the answer.

    http://wiki.developers.facebook.com/index.php/Session_Proxy

    They recommend using that code on this page:

    http://wiki.developers.facebook.com/index.php/Facebook_Connect_for_iPhone

    Result of running that example code is:

    Fatal error: Uncaught exception ‘FacebookRestClientException’ with message ‘Invalid parameter’ in /lib/fb/facebook-platform/php/facebookapi_php5_restlib.php:3112
    Stack trace:
    #0 /lib/fb/facebook-platform/php/facebookapi_php5_restlib.php(309): FacebookRestClient->call_method(’facebook.auth.g…’, Array)
    #1 /lib/fb/auth-proxy.php(23): FacebookRestClient->auth_getSession(NULL, NULL)
    #2 {main}
    thrown in /lib/fb/facebook-platform/php/facebookapi_php5_restlib.php on line 3112

    I tried setting the callback to point to the script that contains the example code - that didn’t help. Maybe I’m misunderstanding the role of the callback, but the doc is not telling me I need to do anything with the callback URL in any case.

    Not expecting an answer here (this is an old thread). But you seemed to be wondering why the error keeps popping up in people’s questions. It’s still not fixed on the FB site.
