my6solutions

asp .net, the social web & other distractions

 


Disclaimer

I am in no way affiliated with Microsoft or Google. I am just another developer trying to make a difference. All opinions and observations are usually my own.

Facebook Connect Invalid Session Key issue

I had a look into the "Session key is invalid" issue with Facebook Connect again and I have managed to reproduce it. While doing this, I have also discovered another issue that seems to occur on The Run Around site which is the official PHP example site for Facebook Connect. I haven't had a look around so maybe someone else has reported the issue.

But anyway, to reproduce this issue on The Run Around:

  1. Register as a normal user and then sign in.
  2. Connect via Facebook Connect
  3. Log into Facebook in a separate tab or browser if you are not already logged in there.
  4. Logout of Facebook
  5. Hit Refresh on The Run Around and you'll notice that your profile photo will disappear
  6. Hit Refresh again and you will be logged out
  7. If you log in on The Run Around now with your normal user account instead of using Facebook Connect, you will notice that your photo is still missing and you can't log out of The Run Around. Also, you will not have any friend recommendations.

What's happening here is that when you logged out of Facebook, your session key is no longer valid on The Run Around. Subsequently, the Facebook cookies are cleared and the user is logged out.

But when logging into the site again normally without using Facebook Connect, it gives the impression that you are connected to Facebook because you are presented with the option to Disconnect from Facebook. This is misleading because you are not actually connected to Facebook. Hence, the site cannot make any calls to get details about connected or unconnected friends because this requires a valid session key.

Anyway, to handle the invalid session key problem, you actually have to try connecting to Facebook to see if the key works. I think the best method to use is to try to get the UserID via users.getLoggedInUser(). If it fails, you clear the invalid cookies and inform the user. If it works, then all is fine because you'll need to try to get the UserID anyway.

The following is the utility class I use. Hope it helps. If there is a better solution, please let me know too. I will be uploading the entire implementation on raya and you can have a play with it at http://raya.my6solutions.com in a few moments. I am using Facebook Developer Toolkit 2.1.

    using System;
    using System.Web;
    // API and FacebookException are provided by Facebook Developer Toolkit 2.1.

    public class Facebook
    {
        public readonly API api;

        public Facebook()
        {
            api = new API
            {
                ApplicationKey = ApiKey,
                SessionKey = SessionKey,
                Secret = SecretKey,
                uid = UserID
            };
        }

        public bool isConnected()
        {
            if (api.SessionKey == null)
            {
                return false;
            }

            // can't really tell if the session key we have is still valid
            // let's try connecting
            try
            {
                api.uid = api.users.getLoggedInUser();
            }
            catch (FacebookException)
            {
                // invalid session key found
                ClearFacebookCookies();
                return false;
            }

            return true;
        }

        public static string ApiKey
        {
            get
            {
                return RayaSettings.Fb_api_key;
            }
        }

        public static string SessionKey
        {
            get
            {
                return GetFacebookCookie("session_key");
            }
        }

        public static string SecretKey
        {
            get
            {
                return RayaSettings.Fb_api_secret;
            }
        }

        public static long UserID
        {
            get
            {
                // Facebook user IDs do not fit in an int, so parse as long.
                // TryParse leaves userID at 0 when the cookie is missing or malformed.
                long userID;
                long.TryParse(GetFacebookCookie("user"), out userID);
                return userID;
            }
        }

        // Facebook Connect cookies are named <api key>_<name>.
        private static string GetFacebookCookie(string cookieName)
        {
            string retString = null;
            string fullCookie = ApiKey + "_" + cookieName;

            if (HttpContext.Current != null)
            {
                if (HttpContext.Current.Request.Cookies[fullCookie] != null)
                    retString = HttpContext.Current.Request.Cookies[fullCookie].Value;
            }

            return retString;
        }

        public static void ClearFacebookCookies()
        {
            string[] cookies = new[]{"user", "session_key", "expires", "ss"};

            foreach (var c in cookies)
            {
                string fullCookie = ApiKey + "_" + c;

                // Response.Cookies[name] creates the cookie when it is absent, so an
                // already-expired cookie is sent for every name in the list.
                if (HttpContext.Current != null &&
                    HttpContext.Current.Response.Cookies[fullCookie] != null)
                {
                    HttpContext.Current.Response.Cookies[fullCookie].Expires = DateTime.Now.AddMonths(-1);
                }
            }
        }
    }
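The misleading Disconnect option described above comes from treating "account is linked" and "session key still works" as one state. The following is an added example, not part of the original post or of the Facebook Developer Toolkit, that keeps the two apart; the enum, class and parameter names are hypothetical, the probe delegate stands in for api.users.getLoggedInUser(), and the check that the probed UserID matches the linked one is an extra assumption.

```csharp
using System;

// Added example: all names below are hypothetical, not toolkit or Run Around code.
public enum FacebookLinkState { NotLinked, SessionValid, SessionStale }

public static class FacebookLinkResolver
{
    // linkedFacebookUid: uid stored with the local account at connect time (null if never connected).
    // sessionKeyCookie:  value of the <api key>_session_key cookie, or null if absent.
    // probe:             stands in for api.users.getLoggedInUser(); throws when the key is rejected.
    // clearCookies:      stands in for Facebook.ClearFacebookCookies().
    public static FacebookLinkState Resolve(long? linkedFacebookUid, string sessionKeyCookie,
                                            Func<long> probe, Action clearCookies)
    {
        if (linkedFacebookUid == null) return FacebookLinkState.NotLinked;
        if (string.IsNullOrEmpty(sessionKeyCookie)) return FacebookLinkState.SessionStale;
        try
        {
            // Assumption: the session must also belong to the user this account was linked to.
            if (probe() == linkedFacebookUid.Value) return FacebookLinkState.SessionValid;
        }
        catch (Exception)
        {
            // Key rejected (real code would catch FacebookException): discard it below.
        }
        clearCookies();
        return FacebookLinkState.SessionStale;
    }

    // Only a verified session earns the Disconnect option.
    public static string ConnectControlFor(FacebookLinkState state)
    {
        switch (state)
        {
            case FacebookLinkState.SessionValid: return "Disconnect from Facebook";
            case FacebookLinkState.SessionStale: return "Reconnect to Facebook";
            default: return "Connect with Facebook";
        }
    }

    public static void Main()
    {
        // Step 7 of the reproduction: normal login, linked account, cookies already cleared.
        var state = Resolve(1234567890123L, null, () => 0L, () => { });
        Console.WriteLine(state + " -> " + ConnectControlFor(state));
        // Logged out of Facebook elsewhere: cookie still present (constructed value), key rejected.
        state = Resolve(1234567890123L, "constructed-key", () => { throw new InvalidOperationException(); }, () => { });
        Console.WriteLine(state + " -> " + ConnectControlFor(state));
    }
}
```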



 


Comments

eMan

Monday, November 09, 2009 6:58 PM


Thank you very much for the article.

I am not sure why I am always getting a session invalid exception. I started my code after referring to devtacular.com/.../ and here.

Doesn't matter whatever I do, I always get Session invalid exception. Please let me know possible causes.