I am using the Facebook developer toolkit version 3.0 to create a Facebook iframe MVP application and with some problems getting an infinite session key right after I submit it.
When a user first clicks on my View app settings to set their preferences, they just have a regular expiring Facebook session key. No problems.
Depending on the preferences that they choose, I request them for extended offline_access permission using the javascript FB.Connect.showPermissionDialog Facebook client library library. Again not a problem, they provide permission.
At this point, a new non-exclusive (infinite) session key is issued. I need to store this in my database for future use. The problem is that I cannot figure out how to get it immediately when I need it. Facebook cookies containing session information are not updated until a few more page updates have passed.
There is bug ID 6421 on the Facebook bug tracking blog, but I'm looking for a server-side solution using the Facebook Developer Toolkit 3.0 release. I would like to know how the FDT api will come out on Facebook and get a new session.
I know that the new session is installed on the side of Facebook. At http://www.facebook.com/extern/login_status.php , a GET indication is displayed, which is displayed on the Firebug Net panel immediately after the user grants offline_access permission and has a response with some javascript containing a new session key without expiration . And if I continue to use the old expiration session key, I get invalid session errors from Facebook.
In my controller, I have code like:
[AcceptVerbs(HttpVerbs.Post)] [FacebookAuthorization(IsFbml = false)] public ActionResult Index(FormCollection collection) { var api = this.GetApi(); var userid = api.Session.UserId; var key = api.Session.SessionKey; }
This gets the old SessionKey, not the new non-expiring.
I donβt have this problem if I decorate my ActionResult with ExtendedPermissions = "offline_access" in GET, forcing the user to provide offline_patent before viewing the page, but I donβt like this user interface. I prefer to request javascript only when necessary, and javascript permission lightboxes are much better than requesting full page width rights when I use ExtendedPermissions = "offline_access".
I also tried to intercept the call of my xd_receiver (which I created in the view so that I could hit the debugger breakpoint in my controller and check the incoming request from Facebook). It falls during the granting of extended permission, but again has the old information about the terminating session referred to.
So, to find a resume, Iβm looking for a way to use the Facebook Developer Toolkit to force a session update from Facebook and get a new infinite session key (and secret).