Running the example code for the Facebook API I get a null session object, and I should get a non-null object given the comment in the code. What am I doing wrong?

In other words, in my index.php this fragment from the example code shows "no session" when I go to http://apps.facebook.com/my_app in my browser:

<?php

require './facebook.php';

// Create our Application instance.
$facebook = new Facebook(array(
  'appId' => '...', // actual value replaced by '...' for this post
  'secret' => '...', // actual value replaced by '...' for the post
  'cookie' => true,
));

// We may or may not have this data based on a $_GET or $_COOKIE based session.
//
// If we get a session here, it means we found a correctly signed session using
// the Application Secret only Facebook and the Application know. We dont know
// if it is still valid until we make an API call using the session. A session
// can become invalid if it has already expired (should not be getting the
// session back in this case) or if the user logged out of Facebook.
$session = $facebook->getSession();

if ($session) {
  echo "session ok";
}
else {
  echo "no session";
}


?>

Note: in my server index.php and facebook.php are in the same folder.
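
Added example (not part of the original post and not the Facebook SDK's own code): what "a correctly signed session" in the code comment above amounts to, and why a first visit with no signed payload yields null. The field names, the MD5-over-sorted-pairs construction and all sample values are assumptions made for illustration.

```php
<?php
// Illustration only: field names and the MD5 construction are assumptions.

/** Signature over the sorted key=value pairs with the app secret appended. */
function sign_session(array $fields, string $secret): string
{
    ksort($fields);
    $base = '';
    foreach ($fields as $key => $value) {
        $base .= $key . '=' . $value;
    }
    return md5($base . $secret);
}

/** Return the session if it is complete and correctly signed, else null. */
function validate_session(?array $session, string $secret): ?array
{
    if ($session === null) {
        return null;                          // nothing in $_GET or the cookie
    }
    foreach (['uid', 'access_token', 'sig'] as $required) {
        if (!isset($session[$required])) {
            return null;                      // incomplete payload
        }
    }
    foreach ($session as $value) {
        if (!is_string($value)) {
            return null;                      // e.g. uid[]=... sent as an array
        }
    }
    $claimed = $session['sig'];
    $fields  = $session;
    unset($fields['sig']);
    // hash_equals compares in constant time, so timing does not leak the signature.
    return hash_equals(sign_session($fields, $secret), $claimed) ? $session : null;
}

// Constructed sample data: placeholder secret and session values.
$secret = 'constructed-app-secret';
$fields = ['uid' => '1000001', 'access_token' => 'constructed-token', 'expires' => '0'];
$good   = $fields + ['sig' => sign_session($fields, $secret)];
$forged = ['uid' => '1000002'] + $good;       // uid changed, signature not recomputed

var_dump(validate_session(null, $secret) === null);     // first visit, no payload
var_dump(validate_session($good, $secret) !== null);    // signed with the secret
var_dump(validate_session($forged, $secret) === null);  // tampered payload
```

A null result therefore only means that no valid signed session arrived with the request. An MD5 digest with the secret appended is not a construction to reuse in new code; HMAC-SHA-256 is the usual choice for this kind of check.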

+2  A: 

Have you linked your app yet?

<?php
// Pick the URL for the link rendered below.
if ($session) {
  $logoutUrl = $facebook->getLogoutUrl();
} else {
  $loginUrl = $facebook->getLoginUrl();
}
// $me must be set earlier (not shown in this excerpt).
?>
<?php if ($me): ?>
<a href="<?php echo $logoutUrl; ?>">
<img src="http://static.ak.fbcdn.net/rsrc.php/z2Y31/hash/cxrz4k7j.gif">
</a>
<?php else: ?>
<div>
Using JavaScript &amp; XFBML: <fb:login-button></fb:login-button>
</div>
<div>
Without using JavaScript &amp; XFBML:
<a href="<?php echo $loginUrl; ?>">
<img src="http://static.ak.fbcdn.net/rsrc.php/zB6N8/hash/4li2k73z.gif">
</a>
</div>
<?php endif ?>

Code taken from the link you provided.

Gazler
Gazler, I'm a bit confused now: the example code (the one I linked) is intended to be used in my own site and not in the canvas frame? I'm testing the canvas frame; I'm not interested in providing Facebook authentication on another site.
Toto
That is for use on your own site; you still need to authenticate with Facebook, which creates the session and sets up access rights.
Gazler
+1  A: 

I'm not sure if you've gotten this answered yet, but here's what I found from working through this myself. Even if the user is logged in to Facebook, the first time you try to get a session it will be null. The example application I found puts a login button on the form - if you do that, though, then the user will have to click on the button even if they're already logged in to Facebook. They won't be prompted again, but it's an extra user action.

So what I do in my app, and what worked for several others I found in the forums, is just to redirect to the login URL. (If you inspect the URL, one of its parameters is "return_session=1".) When that comes back, then you'll have a session and can proceed normally.

But in my application, if I don't have an application token, then I can't get that session either, so I have to get an application token first. To get an application token, look at the excellent description from http://forum.developers.facebook.com/viewtopic.php?id=56789, the post from dynamoman on May 7 2010 (about the fourth post down).

One thing I ran into is that regardless of what I tell the authentication the "next" page is, it goes to the page configured in the canvas. So instead of three separate pages, I only have two, and the canvas callback URL has to handle whichever state it's in.

My actual code is inside a framework so it's not directly applicable; as an algorithm, it is:

landing page:
    if the facebook api token is not loaded,
        redirect to the authorization url
    try to load the user id // to validate that the session
    if the user id is not loaded,
        redirect to the loginurl from the facebook api
    // if it reaches here, then we have both an api token and a session

authorization page:
    get authorization token // see the post for how to do that
    redirect back to the page configured as the canvas url

There may be a better way, and I'm sure someone more familiar with this than myself could have a better solution, or post generic code.

Shawn Hurley
One other note - make sure to use the application ID when constructing the facebook object, and not the application key. You need the key in the authorization urls, but the appid in the facebook object.
Shawn Hurley
It turns out that the session has an embedded access_token, so I think I shouldn't need to do the whole authorization thing. But I wasn't able to remove it and still get it to work - I'm probably missing something basic.
Shawn Hurley