tags:

views:

248

answers:

1
Q: 

Session Key & Access Token in Facebook-API

Can someone please explain to me once and for good what are Session Key & Access Token? How do I catch those two? Why and when do I need them? When is it one-time and when is it not?

Also, what are the differences between them either the application already installed or not. Please do it in Java. I'm a new-to-facebook-api Java developer who's trying to get application works with Facebook.

This is my basic code so far:

FacebookJsonRestClient client = new FacebookJsonRestClient(API_KEY, SECRET);
HtmlDisplay HD = new HtmlDisplay("http://www.facebook.com/login.php?api_key=1668a3eee255c05918c4234bc4371beb&connect_display=popup&v=1.0&next=http://www.walla.co.il&cancel_url=http://www.facebook.com/connect/login_failure.html&fbconnect=true&return_session=true&session_key_only=true&req_perms=user_photos,publish_stream,offline_access");
hd.popUp();
client.auth_getSession(token, true);
System.out.println(client.getCacheSessionKey());

I also tried to put:

&auth_token=TOKEN

inside HD and get it with

CLIENT.auth_createToken();

but nothing works.. =(
Thank you!

A: 

Session key and access token are two mutually exclusive concepts. Session key was used in old REST API, access token is used in new OAuth and Graph API.

The java library you are using supports only old REST API and pretty outdated. I would suggest switching to Graph API java library, like RestFB.

Authorization process for OAuth is described in details here. You would also find a lot of examples on RestFB page.

serg  2010-08-22 17:22:33

related questions

What is typically the length of your optimal coding session?
What's the most current, good practice, and easiest way to use sessions in PHP?
What can cause an ASP.NET worker process to be recycled?
How do I explicitly set asp.net sessions to ONLY expire on closing the browser or explicit logou?
session variable mixup in ASP.NET?
In Classic asp, can I store a database connection in the Session object?
What are the advantages and disadvantages of the Session Façade Core J2EE Pattern?
Different values of GetHashCode for inproc and stateserver session variables
Best way for allowing subdomain session cookies using Tomcat
Is there a way to specify a different session store with Tomcat?
PHP: $_SESSION - What are the pros and cons of storing temporarily used data in the $_SESSION variable
What is the best way to handle sessions for a PHP site on multiple hosts?
How much data can/should you store in a users session object?
ASP.Net Session_Start event not firing
Logging image downloads
ASP.Net: If I have the Session ID, Can I get the Session object?
Secure session cookies in ASP.NET over HTTPS
Django Sessions
Can I put an ASP.Net session ID in a hidden form field?
Always including the user in the django template context
Rails - recovering database from Production.log
Most efficient way to get data from the database to session
What is the best way to prevent session hijacking?
FOSS ASP.Net Session Replication Solution?
How do I best detect an ASP.NET expired session?