Facebook PHP SDK - staying logged in

Question

Hey all,

I'm currently using the PHP Facebook SDK for my project (http://github.com/facebook/php-sdk/). I have set it up so that a user will have to click a link to visit Facebook, which will then verify the user to use the application, and then return the session details to my site, which is fine. However, I want to store these session details within a database so that the user on logging in, can access information from their account at any time. Currently, if the user logs out of Facebook, and then tries to retrieve information from my site, I get the following exception "OAuthInvalidTokenException: Error processing access token." If the user is logged into Facebook on the same PC, then there isn't an issue.

Is there anything that I have to set, or is there some other way I should be performing this connectivity to be able to retrieve the data when the user isn't logged in?

The code I use to get/set the Facebook session is:

require 'libraries/facebook/facebook.php';

// Create our Application instance (replace this with your appId and secret).
$facebook = new Facebook(array(
  'appId'  => 'xxxx',
  'secret' => 'xxxx',
));

$session = $facebook->getSession();

$me = null;
// Session based API call.
if ($session) {
    //Save to database

  } catch (FacebookApiException $e) {
        error_log($e);
  }
} else {
    $loginUrl = $facebook->getLoginUrl();
    header('Location: ' . $loginUrl);
}

Once I have the session saved to the database from this part, I display the data by posting the database serialized session to this:

$session = unserialize($_POST['session']);
    require_once('libraries/facebook/facebook.php');

    $facebook = new Facebook(array(
      'appId'  => 'xxxx',
      'secret' => 'xxxx',
    ));

    $facebook->setSession($session, false);

    try {
        $uid = $facebook->getUser();
        // Do stuff
    } catch (FacebookApiException $e) {
        echo "<tr><td>" . $e . "</td>";
    }

Is there anything glaringly wrong with what I'm doing here? Or can I not use this method to create an oAuth connection that lets me request data for users when they are not logged in?

Thanks,

Dan

Answer 1

I have changed the type of application be a 'native application' instead of 'HTML5/Mobile Web', which then provides the option to "stay logged in to xxx" which can be selected, which didn't seem to be offered by the latter. Have tested it and it appears to now be working, which is good news!

Answer 2

By default, the access tokens (OAuth Token) you receive from the Facebook Platform are session-length only. So, what you describe is expected.

If you want to continue interacting with the API even after the users have logged out, you will need to request from them the offline_access extended permission, which will then make your access tokens "long lived", which you can store in a database for later use.

Just be aware that if the user modifies the permissions granted to your app, your access token will become invalid (or, at least, incongruent). But you can keep up with permissions changes via Real Time Updates.

Note: This does not keep the user "logged in", just gives you the power to act on their behalf when they are not logged in.