Talk:Infinite session keys

From Facebook Developers Wiki

Jump to: navigation, search
  • While this article is useful it suggests breaking TOS of facebook by creating a user just for the infinite session_key.


[edit] Updating user A's profile with user B's session key

This article seem to suggest you can update any user's profile with your own session key. It doesn't seem to be the case, as errors occur when you try to do this. It looks like you have to capture each user's session key and then use that to update their profile.

update: this article explains it all.


[edit] Keeping secret keys secret

For a desktop application with an "infinite session", what are the recommended ways to keep the session keys secret? Do we need to worry about this? What happens when someone writes a virus that detects our app (or any Facebook Desktop app) that steals the keys (from a text file where I'm storing them) and posts spam on people's profile pages that have my app installed? I don't want that to happen. Is this a concern and are there any recommendations on how to manage it?

thanks-

Retrieved from "http://wiki.developers.facebook.com/index.php/Talk:Infinite_session_keys"