I have an app that successfully uses Facebook's single sign-on to log a user in. Once a user is logged in, I use the cookie that the Facebook JavaScript creates to get at the access_token, which I of course use for subsequent requests.

I am having an issue though when the user separately visits facebook.com and logs out on their side, then comes back to my site. My application sees the fbs_* cookie still exists and assumes they are logged in to Facebook still. The functionality of my site is, if that cookie exists, to make a graph call to pull some additional information from their Facebook profile and then automatically redirect them to a page deeper in the site. When I try to do this I get the following error from Facebook:

    {
      "error": {
        "type": "OAuthException",
        "message": "Error validating access token."
      }
    }

The problem, it seems, is that although the data in the cookie is invalid, it is still in existence. If this is the issue, what can I do to solve it? Is there a call I can make to be sure it is or isn't still valid? Certainly if I put a Facebook login button, it will correctly determine if they are or are not logged in, but I can't very well query the state of the Facebook-rendered button (or at least it wouldn't be a real elegant solution to the problem). Thanks for any suggestions!

+2  A: 

This is a common problem when developing Facebook apps. Basically, you just need to account for this behavior in your code. If your application encounters an OAuthException, you need to handle the error and have the user re-authenticate, redirect them back to the place they encountered the error, and then retry the API call. There is no API call that Facebook offers to tell you if the access token is still valid, because every method will tell you that by throwing the exception you are getting.

Nathan Totten
That's what I needed to hear. Thanks!
omatase
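
The handling described in the answer above, as an added example that is not part of the original thread: it classifies the Graph response, drops the stale cookie, and sends the user to re-authenticate with a return path that is restricted to same-site paths so the redirect back cannot be abused. The function names, the `/login?next=` route, and the `fbs_<appId>` cookie suffix are assumptions for illustration.

```javascript
// Added example, not code from the thread. decideNextStep, safeReturnPath and
// the '/login' route are hypothetical names chosen for illustration.

// True when a Graph API response body carries the error shown in the question.
function isOAuthError(body) {
  return Boolean(body && body.error && body.error.type === 'OAuthException');
}

// Accept only same-site relative paths as the post-login destination, so the
// "send them back where they were" step cannot become an open redirect.
function safeReturnPath(path) {
  if (typeof path !== 'string') return '/';
  if (!path.startsWith('/') || path.startsWith('//')) return '/';
  // Backslashes and control characters can be normalised into "//host".
  if (/[\x00-\x1f\\]/.test(path)) return '/';
  return path;
}

// Decide what the request handler should do after a Graph call made with the
// access token taken from the fbs_<appId> cookie (suffix assumed to be the app ID).
function decideNextStep(appId, graphBody, requestedPath) {
  if (isOAuthError(graphBody)) {
    return {
      action: 'reauthenticate',
      clearCookie: 'fbs_' + appId, // stale cookie must not be trusted again
      redirectTo: '/login?next=' + encodeURIComponent(safeReturnPath(requestedPath)),
    };
  }
  if (graphBody && graphBody.error) {
    // Some other Graph error: re-login will not help, surface it instead.
    return { action: 'fail', reason: graphBody.error.type || 'unknown' };
  }
  return { action: 'proceed', profile: graphBody };
}

// Constructed sample responses (not captured from a real account).
const expiredBody = { error: { type: 'OAuthException', message: 'Error validating access token.' } };
const okBody = { id: '1000', name: 'Sample User' };

console.log(decideNextStep('12345', expiredBody, '/deals/42'));
console.log(decideNextStep('12345', okBody, '/deals/42'));
```

After the user logs in again and lands on the `next` path, the handler repeats the Graph call with the fresh token, which is the retry the answer describes.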
