facebook_session expiration

Matt

Sep 9, 2009, 9:15:11 PM
to facebooker
Hi,
I've just begun using the library to implement a Facebook Connect
feature for my site. I followed this fairly closely:
http://www.elevatedrails.com/articles/2009/01/02/announcing-facebooker-support-for-facebook-connect/
and also have read a few other tutorials and pertinent mail on this
list to bring myself up to speed. My question is what to do if someone
logs out of facebook not from my site. facebook_session looks like it
will return true (even though it's expired) regardless. I was planning
on just catching the expired exception and handling things that way.
Just wondering what the recommended behavior is? Much thanks.
-Matt

Philip Hallstrom

Sep 9, 2009, 9:36:33 PM
to faceb...@googlegroups.com

That's pretty normal.

This might also work (it does for me).

http://facebooker.pjkh.com/fb-init-options/app_settings

-philip

Jordan Ritter

Sep 9, 2009, 9:39:58 PM
to faceb...@googlegroups.com
Totally run into this problem all the time.  I implemented the following hack that so far always catches it:

class FacebookerController < ApplicationController

  # redirects in the typical case
  before_filter :ensure_authenticated_to_facebook

  # invokes the cheapest FB API call you can find, wrapped with a rescue block (see below)
  before_filter :guarantee_facebook_session

  # general catch for the expiration if it happens inside a controller method (not sure if I hit this anymore given the above)
  rescue_from Facebooker::Session::SessionExpired, :with => :facebook_session_expired

  # ...
  def guarantee_facebook_session
    begin
      # try to trigger the sessionexpired exception, this is the "cheapest" API call I could find
      @facebook_session.post('facebook.users.getLoggedInUser', :session_key => @facebook_session.session_key)

      # session is valid, catch someone trying to steal it
      fb_user_id = params[:fb_sig_canvas_user] || params[:fb_sig_user]
      raise if fb_user_id && fb_user_id.to_i != @facebook_session.user.id
    rescue
      return facebook_session_expired
    end
  end

  def facebook_session_expired
    reset_session # clear_fb_cookies!, nuke their rails/rack session, yadda
    return redirect_retry
  end

  def redirect_retry
    # invoke a redirect back to either the canvas page or the
    # referrer (iframe), depending on whether we're coming from FB.
    # in the iframe case, I also pull off "auth_key" before redirecting, otherwise
    # by virtue of getting to this point, facebooker already used the auth_key
    # and will need to get another on the next load (it won't if it's passed one).
  end
end

Some of the above is hand-typed, so beware typos -- but you should get the gist.

Took a *lot* of time and debugging to get this, but if anyone's got something better I'm all ears.   I hate having to hit FB every time - sometimes they just hang.

Good luck.

cheers,
--jordan
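
Added example, not part of the thread and not Facebooker code: the probe-then-compare check from the post above as framework-free Ruby, with the remote call bounded by a timeout so a hanging Facebook request fails closed. `StubSession`, the local `SessionExpired` stand-in, `check_session` and all sample values are hypothetical, and the `fb_sig_*` params are assumed to have been signature-checked already.

```ruby
require 'timeout'

# Stand-in for Facebooker::Session::SessionExpired so this runs without the gem.
class SessionExpired < StandardError; end

# Hypothetical stub session. #probe plays the role of the cheap
# facebook.users.getLoggedInUser call; sample values are constructed.
class StubSession
  attr_reader :user_id

  def initialize(user_id, expired = false, delay = 0)
    @user_id = user_id
    @expired = expired
    @delay = delay
  end

  def probe
    sleep @delay                      # simulates Facebook hanging
    raise SessionExpired if @expired
    @user_id
  end
end

# Returns :ok, or the reason the local session should be reset.
# Fails closed: a hang or an unexpected error counts as "not authenticated".
# Assumption: the fb_sig_* params were already signature-checked upstream.
def check_session(session, params, probe_timeout = 0.2)
  return :no_session if session.nil?
  # Timeout.timeout is used for brevity; a real HTTP client's own
  # open/read timeouts are the better place to bound the call.
  Timeout.timeout(probe_timeout) { session.probe }
  claimed = params[:fb_sig_canvas_user] || params[:fb_sig_user]
  # Strict string comparison: "42abc".to_i == 42 would pass a to_i check.
  return :user_mismatch if claimed && claimed.to_s != session.user_id.to_s
  :ok
rescue SessionExpired
  :expired
rescue Timeout::Error
  :timeout
rescue StandardError
  :error
end
```

A before filter would call `check_session` and, on anything other than `:ok`, reset the local session and redirect, as `facebook_session_expired` does in the post.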

Matt

Sep 9, 2009, 11:32:18 PM
to facebooker
Cool, thanks guys that helps.
-Matt