tags:

views:

31

answers:

1
+3  Q: 

How come Facebook's Graph API issue a cookie for "access_token", "secret", "session_key", "sig"... so many fields?

The following is what Facebook gives as a cookie to a website that uses Facebook connect.

It issues one cookie with the name fbs____<appID>_____, and can be splitted using the & character: (numbers changed... but they are in similar form)

Array
(
    [0] => "access_token=32480239450325|2.39F_lt3098asddASDL__.3600.1287892800-123456789|H9348aKljsakasd
    [1] => base_domain=www.example.com
    [2] => expires=1287892800
    [3] => secret=032480XYZ023489__
    [4] => session_key=2.39F_lt3098asddASDL__.3600.1287892800-123456789
    [5] => sig=8023948acbd43243
    [6] => uid=123456789"
)

The 32480239450325 is the appID.

I thought if we MD5 or SHA1 the access_token's 1st part with the uid with our app's secret key, then we can verify that it equals to the access_token's 2nd part or the last part, and confirm that it is a valid access_key and user.

So why do we need session_key, secret, and sig? In fact, the session_key is part of the access_token, so why repeat it...?

+1  A: 

To support legacy applications that might still be using the old fb_sig parameter

BeRecursive  2010-10-24 11:18:14
you mean some page might use the Graph API, and some other pages in the same app may use REST API. (but can't use both old REST Javascript SDK and new Graph Javascript SDK on the same page)
動靜能量  2010-10-24 12:26:12
Thats the one - some peopl are extending legacy applications with new graph API code, so both authentication methods are required
BeRecursive  2010-10-24 13:51:29

related questions

Does the Facebook REST API allow you to get a friend's phone number?
Hosting a Facebook Application?
My Facebook application's Javascript doesn't work in Google Chrome
Successful sites using Asp.NET and the Facebook API
How do you remove the "box head" in a Facebook application?
Render Self-Closing Tag in ASP.NET custom control derived from Control
What does the new Facebook Connect platform offer over a traditional Facebook App?
I need help creating a modding system in a Facebook Application
New Facebook app - FBML or iFrame?
how much does facebook denormalize their databases to break things up by network and therefore shrink the tables and speed the system?
using a named function as the callback for $.getJSON in jQuery to satisfy Facebook request signing demands
Which Facebook .NET Library is the best to use?
In Facebook app, is there a way to link directly to "join a group"
Facebook Development vs. XNA, Which is Worth Learning?
What's a Good Resource for Learning Facebook Application/Game Development?
Example Facebook Application using TurboGears -- pyFacebook
How to authenticate in a Facebook Flash application?
Facebook RSS application
Using Merb for Facebook Application
How to start facebook app?
Is anyone developing facebook apps on Grails
How do I import facebook friends from another website
Facebook java integration
Developing and Testing a Facebook application
Anyone have a link to a technical discussion of anything akin to the Facebook news feed system?