From Facebook Developer Wiki

r93821 | jtung | 2008-04-15 19:16:40 -0700 (Tue, 15 Apr 2008) | 54 lines

• Bug fix so that when granting an infinite session to a user who already has a valid temporary session with the app, we just change the timeout for the current session instead of granting a new key
• bug 307

r94316 | jleszcze | 2008-04-17 21:23:46 -0700 (Thu, 17 Apr 2008) | 22 lines

• Allows server-side sessions to create/promote session secrets through an added parameter to auth.getSession and the new API function auth.promoteSession, to allow interaction with the client-side (JavaScript) API client library. Note that regular server-side signature logic will still use the application secret.