How to get a long-lived Facebook session?

I've been working on a Facebook app since last year. It worked well until the December 2012 change to Facebook. But now I have a problem with my Facebook session. I replaced the old SDK with the new SDK, where it is written:

Avoid reusing spent authorization codes

So, when the authorization code is consumed, the user session expires from my site. (After that I get an authorization error).

The user gets logged out of my app every 5-6 minutes, so I need to redirect the user to loginurl again and refresh the page, which is bad for my site because I am using Ajax to trigger all links.

I have seen some applications that work well after the December changes (for example, Wrapp.com). Wrapp.com does not redirect the user after the authentication code expires, and I am able to post to Facebook without redirection using Wrapp.com after 10 minutes of login. How does Wrapp.com handle authentication? What's the solution?

+3




2 answers


You have two ways:

  • You can extend the user's access token using script hint 4 described in Removing offline_access permission.

  • In my case, I install my app as Desktop, so I have a token that will expire after 90 days:




+1




Avoid logging out with Ajax and Iframe pages with PHP SDK.


After much research and testing with the PHP SDK "3.2.2" on an iframe or Ajax page loaded by a canvas or page tab, the session for the application will clear if the called page has been loaded more than one time.

Example:



Your page tab loads an iframe containing the PHP SDK, and your user interacts with the iframe. When the second page loads in this iframe, the current application session will be cleared.

SOLUTION:

Remove the PHP SDK from Ajax and iframe pages in your application and use cURL instead.

If your iframe page inside your app requires user authentication information, it is recommended to create a cookie or session when the user lands on the page's tab / canvas, or load user authentication. Use this switch content where the user needs to view or interact.

+1
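The server-side token exchange the first answer refers to, done with plain cURL as the second answer suggests, shown here as an added example that is not part of either answer. It assumes the Graph API `oauth/access_token` endpoint with `grant_type=fb_exchange_token`; the app id, app secret, token values and the helper names `curlGet` and `extendToken` are placeholders.

```php
<?php
// Added example. APP_ID, APP_SECRET, SHORT_TOKEN and helper names are hypothetical.
const GRAPH_TOKEN_URL = 'https://graph.facebook.com/oauth/access_token';

/** Default transport: cURL GET with certificate and host verification on. */
function curlGet(string $url): string
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_TIMEOUT        => 10,
    ]);
    $body = curl_exec($ch);
    if ($body === false) {
        throw new RuntimeException('Graph request failed: ' . curl_error($ch));
    }
    return $body;
}

/** Exchange a short-lived user token for a long-lived one (server side only). */
function extendToken(string $appId, string $appSecret, string $shortToken, ?callable $get = null): array
{
    $get = $get ?? 'curlGet';
    $url = GRAPH_TOKEN_URL . '?' . http_build_query([
        'grant_type'        => 'fb_exchange_token',
        'client_id'         => $appId,
        'client_secret'     => $appSecret,   // stays on the server, never in page JS
        'fb_exchange_token' => $shortToken,
    ]);
    $body = $get($url);
    $data = json_decode($body, true);        // newer replies are JSON
    if (!is_array($data)) {
        parse_str($body, $data);             // older replies are form-encoded
    }
    if (empty($data['access_token'])) {
        throw new RuntimeException('No access_token in Graph response');
    }
    $ttl = (int) ($data['expires_in'] ?? $data['expires'] ?? 0);
    return ['token' => $data['access_token'], 'expires_at' => $ttl ? time() + $ttl : null];
}

// Constructed reply so the example runs offline; in the app, omit the 4th argument.
$stub = fn(string $url): string => 'access_token=CONSTRUCTED_LONG_TOKEN&expires=5184000';
$_SESSION['fb'] = extendToken('APP_ID', 'APP_SECRET', 'SHORT_TOKEN', $stub);
echo $_SESSION['fb']['token'], ' valid until ', date('c', $_SESSION['fb']['expires_at']), PHP_EOL;
```

Ajax and iframe endpoints can then read the token from the server session and check `expires_at` before calling the Graph API, so neither the app secret nor the exchange call is exposed to the browser.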








