tags:

views:

284

answers:

1
Q: 

'Session expires' error in oauth for twitter

I am using abraham williams library to update twitter status using oauth. But I am constantly getting 'session expired' error. How can I get around this. This is my source.

connect.php

<?php
session_start();
require_once 'twitteroauth/TwitterOAuth.php';
define("CONSUMER_KEY", "--------------------");
define("CONSUMER_SECRET", "---------------------------");

$connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET);
$request_token = $connection->getRequestToken('http://127.0.0.1/callback.php');

$_SESSION['oauth_token'] = $request_token['oauth_token'];
$_SESSION['oauth_token_secret'] =
$request_token['oauth_token_secret'];

$url = $connection->getAuthorizeURL($request_token);
header('Location: ' . $url);
?>

index.php

<?php
session_start();

if (empty($_SESSION['access_token'])) {
header('Location: ./connect.php');
}

require_once 'twitteroauth/TwitterOAuth.php';
define("CONSUMER_KEY", "---------------");
define("CONSUMER_SECRET", "--------------------------------");

$connection = new TwitterOAuth(
  CONSUMER_KEY,
  CONSUMER_SECRET,
  $_SESSION['access_token']['oauth_token'],
  $_SESSION['access_token']['oauth_token_secret']
);

include("form.php");
$msg = $_POST['tweet'];

if (!empty($msg)) {
  $tweetmsg = $msg; }
else {
  exit('Post a tweet');
     }

$result = $connection->post('statuses/update', array('status' => $tweetmsg));
unset($_SESSION['tweetmsg']);
if (200 === $connection->http_code) {
   echo'tweet posted';
}
else {
$resultmsg = 'Could not post Tweet. Error: '.$httpCode.'  
Reason:'.$result->error;
echo $resultmsg;
}
?>

callback.php

<?php
session_start();
require_once 'twitteroauth/TwitterOAuth.php';
define("CONSUMER_KEY", "---------------");
define("CONSUMER_SECRET", "------------------------------");

if (
  isset($_REQUEST['oauth_token'])
  && $_SESSION['oauth_token'] !== $_REQUEST['oauth_token']
) {
  //echo 'Session expired';
header('Location: ./connect.php');
}
else {
  $connection = new TwitterOAuth(
    CONSUMER_KEY,
    CONSUMER_SECRET,
    $_SESSION['oauth_token'],
    $_SESSION['oauth_token_secret']
  );
  $_SESSION['access_token'] =
$connection->getAccessToken($_REQUEST['oauth_verifier']);
header('Location: index.php');

unset($_SESSION['oauth_token']);
unset($_SESSION['oauth_token_secret']);
}
?>
A: 

callback.php is designed to be used once during each negotiation for an access token. Not each time you want to tweet.

I recommend breaking your code into the following three files:

connect.php

<?php
session_start();
require_once 'twitteroauth/TwitterOAuth.php';
define("CONSUMER_KEY", "--------------------");
define("CONSUMER_SECRET", "---------------------------");

$connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET);
$request_token = $connection->getRequestToken('http://127.0.0.1/callback.php');

$_SESSION['oauth_token'] = $request_token['oauth_token'];
$_SESSION['oauth_token_secret'] =
$request_token['oauth_token_secret'];

$url = $connection->getAuthorizeURL($request_token);
header('Location: ' . $url);

callback.php

<?php
session_start();
require_once 'twitteroauth/TwitterOAuth.php';
define("CONSUMER_KEY", "------------------");
define("CONSUMER_SECRET", "----------------------------");

if (
  isset($_REQUEST['oauth_token']) 
  && $_SESSION['oauth_token'] !== $_REQUEST['oauth_token']
) {
  echo 'Session expired';
}
else {
  $connection = new TwitterOAuth(
    CONSUMER_KEY,
    CONSUMER_SECRET,
    $_SESSION['oauth_token'],
    $_SESSION['oauth_token_secret']
  );
  $_SESSION['access_token'] = $connection->getAccessToken($_REQUEST['oauth_verifier']);
  header('Location: index.php');
}

index.php

<?php
session_start();

if (empty($_SESSION['access_token'])) {
  if (!empty($_POST['tweetmsg'])) {
    $_SESSION['tweetmsg'] = $_POST['tweet'];
  }
  header('Location: ./connect.php');
}

require_once 'twitteroauth/TwitterOAuth.php';
define("CONSUMER_KEY", "------------------");
define("CONSUMER_SECRET", "----------------------------");

$connection = new TwitterOAuth(
  CONSUMER_KEY,
  CONSUMER_SECRET,
  $_SESSION['access_token']['oauth_token'],
  $_SESSION['access_token']['oauth_token_secret']
);

if (!empty($_POST['tweetmsg'])) {
  $tweetmsg = $_POST['tweetmsg'];
} elseif (!empty($_SESSION['tweetmsg'])) {
  $tweetmsg = $_SESSION['tweetmsg'];
} else {
  exit('No tweet value in session or from form');
}

$result = $connection->post('statuses/update', array('status' => $tweetmsg));
unset($_SESSION['tweetmsg']);
if (200 === $connection->http_code) {
  $resultmsg = 'Tweet Posted: '.$tweetmsg;
}
else {
  $resultmsg = 'Could not post Tweet. Error: '.$httpCode.' Reason: '.
  $result->error;
}
abraham  2010-09-18 22:10:58
thanX 4 the response abraham :-)
XCeptable  2010-09-19 14:58:20
thanX 4 the response abraham :-) I break the application exactly as you mentioned, now it raises this error: 'Could not post Tweet. Error: 401 Reason: Could not authenticate you'. One more question is as in ur recommended breakup, there is no method to send user to Twitter for authentication so how will this work. As my application is to be used by many users to post updates to their twitter accounts.
XCeptable  2010-09-19 15:04:18
You still have to get a request token and send the user to Twitter. I updated my response to include connect.php and a check in index.php to see if there there is an access token in the session.
abraham  2010-09-19 23:33:06
thank you very much abraham ... I updated the code. But now when I press authenticate button on Twitter, the error message from Twitter appears, 'Sorry, that page doesn’t exist!'.
XCeptable  2010-09-20 10:56:03
What is the Twitter URL you land on?
abraham  2010-09-20 16:34:08
XCeptable  2010-09-20 17:59:13
So you get redirected to Twitter ok? You authorize' the application to access your Twitter account then you get the "page doesn't exist" error? Make sure you have the callback URL set properly in $request_token = $connection->getRequestToken('http://127.0.0.1/callback.php');. If should be the same URL as where you access index.php just with callback.php instead.
abraham  2010-09-21 01:18:11
XCeptable  2010-09-21 17:56:56
I tweaked the code a little bit. Most of the edits were after your issue however. If it still does not work then I think something is wrong with how your server handles sessions. The if that checks returns "session expired" only checks to make sure the oauth_token you return from twitter matches the existing one in the session.
abraham  2010-09-21 23:10:06
Yes, the problem still persists. I am using apache 2.2.14 (IPV6 enabled) web server on windows 7. What can be workaround for it. I commented the if condition for session check, it for once work. And after that again started giving session expire error.
XCeptable  2010-09-22 09:33:47
XCeptable  2010-09-22 10:43:50
Glad to hear you got it working. It looks like stale session data was causing issues.
abraham  2010-09-22 16:49:20
I have one question, I have to upload it on a server and it has to be used by many people. I have only experience of single user applications. The $tweetmsg will contain message that is 2B twitted by a user. For single user its fine but what when many people have opened application from server.
XCeptable  2010-09-23 07:36:27
If they users are tweeting whatever they want you will have to create an HTML form and submit it to the script filling $tweetmsg with whatever they wish to tweet.
abraham  2010-09-23 23:17:51
Also if my reply was the solution you were looking be sure to mark it as the correct answer.
abraham  2010-09-23 23:18:36
XCeptable  2010-09-24 12:40:27
"stdClass Object ( [request] => /1/statuses/update.json [error] => Client must provide a 'status' parameter with a value. )". I have a strange problem. I call index.php from HTML form in index.php, its empty. Can you kindly look at index.php to see why the value passed vanished reaching here. Otherwise its working this way as I checked by assigning value in index file.
XCeptable  2010-09-24 13:07:30
XCeptable  2010-09-24 13:20:12
Try `$tweetmsg = $_POST['tweet'];` and make the textarea input id/name is `tweet`. If that does not work try `$tweetmsg = $_REQUEST['tweet'];`.
abraham  2010-09-24 18:12:32
XCeptable  2010-09-24 19:51:44
I even tried to use session variable here but exactly same behavior is shown by session variable too like. $tweetmsg = $_REQUEST['tweet'];$_SESSION['tweetmsg'] = $tweetmsg; --------------------------------- $result=$connection->post('statuses/update',array('status'=> $_SESSION['tweetmsg']));
XCeptable  2010-09-24 20:14:58
$_POST is not persistent storage. If you have a user POST a form to index.php and there is no accesss_token in session they will be sent to Twitter to authenticate. When this happens the $_POST data is discarded. Either have the user authenticate before displaying a form to them or save the $_POST data in a session for when they get back from twitter.com.
abraham  2010-09-24 20:16:39
@$_POST is not persistent storage..... I had think on it, is not it strange as I save the value in a local variable that is $tweetmsg " statement as its not necessary to get value at start. But No value is passed here from $_POST.
XCeptable  2010-09-24 20:30:28
Unless you save it to $_SESSION or have the user resubmit the form the variables are discarded between page loads. $tweetmsg is not saved between page loads. here is some more information on sessions: http://www.phpro.org/tutorials/Introduction-To-PHP-Sessions.html
abraham  2010-09-25 06:13:20
I have tried storing $tweetmsg value in session variable but it behaves exactly same as local variable $tweetmsg i.e. lost value after page load. If you kindly look at my edited index.php source above, it is how I am using session variable to store $teetmsg value.
XCeptable  2010-09-26 12:18:15
My guess is that since when you return from twitter.com $_POST['tweet'] is a null value it is overwriting the stored $_SESSION['tweetmsg'] with that null value.
abraham  2010-09-26 22:42:36
XCeptable  2010-09-27 12:49:55
XCeptable  2010-09-27 19:38:17
if (!empty($_POST['tweetmsg'])) { $tweetmsg = $_POST['tweetmsg']; } else { $tweetmsg = $_SESSION['tweetmsg']; }
abraham  2010-09-27 19:46:37
I now just tried this one before reading ur message, but it gave same result. Here is code what I tried "if(!empty($_REQUEST['tweet'])){ $_SESSION['tweetmsg'] = $_REQUEST['tweet']; //print $_SESSION['tweetmsg']; } else { $msg = $_SESSION['tweetmsg']; }if (empty($_SESSION['access_token'])) {header('Location: ./connect.php');}echo $msg;//session_unset();"
XCeptable  2010-09-27 20:13:16
I edited the index.php too for easy readability.
XCeptable  2010-09-27 20:20:32
XCeptable  2010-09-27 20:33:03
As long as the users cookie is valid and the session has not expired the session data will be there. Going to twitter.com will not change that.
abraham  2010-09-27 21:16:45
I edited the index.php in my answer. Have a look at that.
abraham  2010-09-27 21:17:17
exit('No tweet value in session or from form');
XCeptable  2010-09-28 12:58:25
the problem is after "header('Location: ./connect.php');" $_SESSION['tweetmsg'] looses its value strangely. I check by "if(isset($_SESSION['tweetmsg'])) {echo"set";} else echo"no set"; results 'no set'-
XCeptable  2010-09-28 13:15:41
I tried to pass value through setcookie() but cookie donot exist after page reload. If setting cookies is problem than session variables may be are suffering bec of it. I edited the index.php, see it to validate the test that I did.
XCeptable  2010-09-28 20:45:48
Sessions are working properly. If they were not authentication would never work and nothing would ever get tweeted. If you save a value to `$_SESSION['tweetmsg']` before `header('Location: ./connect.php');` then upon returning to `index.php` `$_SESSION['tweetmsg']` will still have a value.
abraham  2010-09-28 23:04:50
Yes, you are right. This thing came into my mind but 4get for the time being wehn SetCookie was not set. But then why $_SESSION['tweetmsg'] results in 'not-set' after page reloaded by header. Can you give any clue I could work on as I am not finding any reason still.
XCeptable  2010-09-29 09:28:39
XCeptable  2010-09-29 18:23:27
XCeptable  2010-09-29 18:45:53
I don't understand what you are asking. If you log out of twitter.com it does not effect your application. Once your applications session expires you will have to go through the authentication flow with twitter.com again but that will be infrequent and you can configure PHP to extend the amount of time before the session expires.
abraham  2010-09-29 20:51:10
XCeptable  2010-09-30 13:59:56
XCeptable  2010-09-30 14:01:41
Check out the documentation for statuses/update. Specifically for including in_reply_to_status_id. http://dev.twitter.com/doc/post/statuses/update
abraham  2010-09-30 23:10:56
How do we get status-id of a specific status update .....
XCeptable  2010-10-04 20:35:37
If you have a status object like `$status` it will be the `id` attribute and it would be accessed like `$status->id`.
abraham  2010-10-04 22:53:22
XCeptable  2010-10-05 21:38:04
Here is information about how replies work: http://support.twitter.com/articles/14023-what-are-replies-and-mentions
abraham  2010-10-05 22:35:34

related questions

What is typically the length of your optimal coding session?
What's the most current, good practice, and easiest way to use sessions in PHP?
What can cause an ASP.NET worker process to be recycled?
How do I explicitly set asp.net sessions to ONLY expire on closing the browser or explicit logou?
session variable mixup in ASP.NET?
In Classic asp, can I store a database connection in the Session object?
What are the advantages and disadvantages of the Session Façade Core J2EE Pattern?
Different values of GetHashCode for inproc and stateserver session variables
Best way for allowing subdomain session cookies using Tomcat
Is there a way to specify a different session store with Tomcat?
PHP: $_SESSION - What are the pros and cons of storing temporarily used data in the $_SESSION variable
What is the best way to handle sessions for a PHP site on multiple hosts?
How much data can/should you store in a users session object?
ASP.Net Session_Start event not firing
Logging image downloads
ASP.Net: If I have the Session ID, Can I get the Session object?
Secure session cookies in ASP.NET over HTTPS
Django Sessions
Can I put an ASP.Net session ID in a hidden form field?
Always including the user in the django template context
Rails - recovering database from Production.log
Most efficient way to get data from the database to session
What is the best way to prevent session hijacking?
FOSS ASP.Net Session Replication Solution?
How do I best detect an ASP.NET expired session?