Reputation: 1322
How to get a long-lived Facebook session?
I have been working on a Facebook application from last year. It was working good before the Facebook December 2012 changes. But now I'm getting an issue with a Facebook session. I have replaced the old SDK with the new SDK, where it is written:
Avoid trying to reuse spent authorization codes
So when an authorization code is spent, the user session expires from my site. (I get authorization error after that).
The user gets logout from my application every 5-6 minute, so I have to redirect the user to loginurl again and page refresh and this is not good for my site, because I'm using an Ajax call on all links.
I have seen some applications which work good after December changes also. (for example, Wrapp.com). Wrapp.com doesn't redirect the user after authentication code expiry. And I can make a post on Facebook without redirect using Wrapp.com after 10 minutes of login too. How does Wrapp.com handle authentication? What is the solution?
Upvotes: 3
Views: 708
Answers (2)
Reputation: 4150
Avoid expiring a session with Ajax and Iframe pages using the PHP SDK.
After much research and testing, using PHP SDK "3.2.2" with in an iframe or an Ajax page that is loaded with canvas or page tab, will clear the session for the application if the called page is loaded more than one time.
EXAMPLE:
Your page tab loads an iframe inside its self containing PHP SDK, and your user interacts with the iframe. That iframe upon the second page load will clear the current application session.
SOLUTION:
Remove PHP SDK from Ajax and iframe pages in your application and use cURL instead.
If your iframe page inside your application requires user authentication information, it is suggested to created a cookie or session upon the user landing on the page tab/ canvas or upload the user authentication. Use this switch content where the user is required to view or interact.
Upvotes: 1
Reputation: 1203
You have two ways:
You can extend the user access token using the scenario 4 tip described in Removal of offline_access permission.
In my case, I set my application as Desktop, so I have a token that expire in 90 days:
Upvotes: 1
Related Questions
- getLongLivedSession in Facebook PHP SDK 5.0
- Acquiring Long Lasting Facebook Token
- Facebook connect php - staying logged in
- PHP Facebook session management
- Is it possible to keep the Facebook session alive?
- Maintaining an active FB auth session for a website
- Keep Facebook session alive?
- storing entire facebook graph object into a php session
- Facebook with PHP API - Infinite Session