We recently had problems logging into Facebook. Like every user who is logged in, you could make one graph call in / me, and then we get two errors:
"message": "Error checking access token: the session was invalidated because the user changed the password." "message": "Error checking access token: the session does not match the current session. This may be due to the user changing the password since the session was created or Facebook changed the session for security reasons."
The first seems to happen to new users when they log in, and the second is more for people who have already allowed our application. It looks like they can get the username for the first / me graphical call, and then the oauth token gets tied up over time (some of them eventually come back for some reason).
I recently found out that our code clicks facebook twice for me / home JSON. When I took this code, I was able to hit the graphical API via Rest, and it did not give me errors.
I saw various errors mentioning problems with facebook, but the problem was supposedly “fixed”, and it’s very difficult to understand why flapping facebook will kill our authentication token twice - you think that we will get a speed limit message.
Does anyone have an explanation of what this is? I still have not verified that the second call is a fix, but so far it looks like this.
source
share