Infinite session howto
From Facebook Developers Wiki
EDIT : It is useful, for certain Facebook applications, for a developer to create his own infinite session key for the application he has created. For example, an application might want to implement a cron script that automatically updates FBML at some interval, and it would be great to be able to do that without requiring that the developer log in every time a change needs to be made. If the owner of the application creates an infinite key, he may accomplish this.
It is not completely clear (not to me, at least!) how exactly one goes about creating such a key and implementing it. This article attempts to give concise step-by-step instructions on how to do this.
There are probably better ways to do this.
Screenshots will come, at some point.
Notice: This information is out of date. Please see http://developers.facebook.com/documentation.php?doc=auth
Contents |
[edit] Step 1: Add your application
After creating your application, you want to add it.
On the left, click Developer then select your application (listed under "My Applications"), and then add the application from your about page. Simple enough.
[edit] Step 2: Create a PHP script
In my case, I am using the Facebook's PHP client library. Download and unzip the library, configure it, and then create the following:
http://www.yourserver.com/get_infinite_key.php
<?php // Include the facebook library config files. require_once 'facebook.php'; // Set the API key and Secret. $api_key = YOUR_API_KEY_HERE; $secret = YOUR_SECRET_HERE; $facebook = new Facebook($api_key, $secret); // force a login page $facebook->require_frame(); $user = $facebook->require_login(); // Echo the "infinite session key" that everyone keeps talking about. echo $facebook->api_client->session_key; ?>
Log out of facebook. Heck, I'd clear your cookies/cache/authenticated sessions too. Then go to the page you just created. You'll be asked to log in, and when you do that, be sure to check the box so that you "no longer have to log in to facebook".
You should see a string printed - that is your infinite session key. Copy this key, we'll need it later.
[edit] Step 3: Create your cron job, using your infinite key
Now that you have told facebook that you want an infinite session, and now that you have gotten your infinite session key, you're ready to roll. My sample script looks like this:
Make sure you take out require_login();
http://www.yourserver.com/cronjob.php <? php // Include the facebook library config files. require_once 'facebook.php'; // Set the API key and Secret. $api_key = YOUR_API_KEY_HERE; $secret = YOUR_SECRET_HERE; $facebook = new Facebook($api_key, $secret); $user = YOUR_FACEBOOK_USER_ID; $key = SESSION_KEY_WE_PROCURED_ABOVE; // Allows "you" to run your script $facebook->set_user($user, $key); // Now you can update FBML pages, update your fb:ref tags, etc. $facebook->api_client->fbml_refreshRefUrl(...); ?>
[edit] Step 3a: Create a cron job to update user specific information.
There will come a time where you will need to update user profiles based specifically on that user. Meaning, every profile will be different. The way I do this is using a ref url. However, below is a simple script that pushes a user's birthday to his or her profile.
http://www.yourserver.com/cronjob.php
<?php
// Include the facebook library config files.
require_once 'facebook.php';
$api_key = <your app api key>;
$secret = <your app secret>;
$facebook = new Facebook($api_key, $secret);
$query = 'SELECT * FROM users';
$result = mysql_query($query) or die('Query failed: ' . mysql_error());
while($row = mysql_fetch_array($result, MYSQL_ASSOC)){
$facebook->set_user($row['FB_ID'], $row['session_key']);
$birthday = $facebook->api_client->users_getInfo($row['FB_ID'],'birthday');
$facebook->api_client->profile_setFBML($birthday, $row['FB_ID']);
}
?>
[edit] Headline text
[edit] Conclusion
And that should be it. There are guides out there on optimizing the way PHP handles cURL and guides about using fb:ref tags and setFBML() to update your users' profiles. (I'll post the links here when I find them again) hInsert non-formatted text hereggInsert non-formatted text hereInsert non-formatted text here
[edit] Note
"Infinite" is a misnomer, as the session id is application- and instance-specific. If a user removes your application and re-adds it, the session id will change. Remember to update the value whenever the user adds the application, even if it already exists.
