How to create infinite sessions with the Facebook Platform API
Like all things with Facebook Platform API, creating infinite sessions is really easy. However, there seems to be a lot of confusion and misinformation on the web about how this works. Part of this could be the fault of Facebook’s documentation. They provide a pretty good explanation of the authentication process but then the example they suggest (which is otherwise really good) relies on this line:
$facebook->set_user($user, $key);
That line calls set_user(), which is not referenced anywhere else that I could find in their documentation.
For some reason, people see all of this and get it in their head that the way to create an infinite session is to do the following:
- Send the user to www.facebook.com/login.php?api_key=key&ver=1.0
- Take the value that gets sent to the callback as the auth_token parameter and save it
- Call auth.getSession with this value
- Expect this to create an infinite session
- Instead get back error 100 “Invalid parameter” from the call to auth.getSession
- Write about it on the Facebook Developer’s Wiki, open bogus bugs in the Facebook bug database, and post horribly wrong things to Google Groups.
Where does the temptation to call auth.getSession come from and why are people using the auth_token when the documentation and examples clearly say you need to get the user’s session key? I tried looking to see if there was an example or tutorial somewhere that I missed that suggested this but I could not find it.
Either way, this process will yield significantly better results:
- Create a page which asks the user to log in. You do this by directing them to the login URL: http://login.facebook.com/login.php?api_key=&v=1.0
- Make sure the api_key points to a valid callback page.
- In the callback page, get the USER’S SESSION KEY AND SAVE IT. PHP example:
$key = $facebook->api_client->session_key;
- This is your infinite session key for this user. Store this along with their UID.
- Whenever you want to become that user, simply call
$facebook->set_user($uid, $key);
- Instant infinite session.
Hopefully some confused people find this and it saves them some time and it keeps the number of bogus bugs in the Facebook database down. :)
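The "store this along with their UID" step deserves care, because an infinite session key is a long-lived credential for that user. The following is an added example, not code from the original post or from Facebook's client library: it encrypts each key at rest and binds it to its UID. It assumes PHP with the sodium and pdo_sqlite extensions; the table name, function names and sample values are hypothetical.

```php
<?php
// Added example: encrypted storage for (UID, session key) pairs. All names are hypothetical.
function open_store(): PDO {
    $db = new PDO('sqlite::memory:'); // stand-in for the application's real database
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE fb_sessions (uid TEXT PRIMARY KEY, nonce BLOB, sealed BLOB)');
    return $db;
}

// Encrypt the session key with the UID as associated data, so a row copied
// onto another user's UID fails authentication when it is loaded.
function save_session(PDO $db, string $encKey, string $uid, string $sessionKey): void {
    $nonce  = random_bytes(SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES);
    $sealed = sodium_crypto_aead_xchacha20poly1305_ietf_encrypt($sessionKey, $uid, $nonce, $encKey);
    $stmt = $db->prepare('REPLACE INTO fb_sessions (uid, nonce, sealed) VALUES (?, ?, ?)');
    $stmt->bindValue(1, $uid);
    $stmt->bindValue(2, $nonce, PDO::PARAM_LOB);
    $stmt->bindValue(3, $sealed, PDO::PARAM_LOB);
    $stmt->execute();
}

// Returns the session key, or null if the UID is unknown or the row was altered.
function load_session(PDO $db, string $encKey, string $uid): ?string {
    $stmt = $db->prepare('SELECT nonce, sealed FROM fb_sessions WHERE uid = ?');
    $stmt->execute([$uid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }
    $plain = sodium_crypto_aead_xchacha20poly1305_ietf_decrypt($row['sealed'], $uid, $row['nonce'], $encKey);
    return $plain === false ? null : $plain;
}

// Constructed sample values; in the callback page the key would come from
// $facebook->api_client->session_key, as described in the post.
$encKey = sodium_crypto_aead_xchacha20poly1305_ietf_keygen(); // keep outside the database
$db = open_store();
save_session($db, $encKey, '1000001', 'constructed-session-key-aaaa');
save_session($db, $encKey, '1000002', 'constructed-session-key-bbbb');
var_dump(load_session($db, $encKey, '1000001')); // the row decrypts under its own UID

// Simulate a row being copied onto a different UID, then try to load it.
$db->exec("UPDATE fb_sessions SET nonce = (SELECT nonce FROM fb_sessions WHERE uid = '1000002'),
    sealed = (SELECT sealed FROM fb_sessions WHERE uid = '1000002') WHERE uid = '1000001'");
var_dump(load_session($db, $encKey, '1000001')); // authentication fails for the swapped row
```

The value returned by load_session() is what would be passed as $key to $facebook->set_user($uid, $key).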


Comment by james on 5 March 2008:
Good stuff!! I’ve been looking for something like this. Some of these are cool too. http://www.newwebplatform.com/tips-and-tutorials/Facebook
Comment by rhonihon on 21 May 2008:
Do you have any idea why my callback URL is empty?
My page redirects to it but displays nothing.
Comment by henry on 21 May 2008:
Are you clicking the checkbox to allow the app to save the session when you are doing your login?
If so you should paste your code here so we can take a look.
– Henry