That might happen if there is a session key stored in the facebook
session and a different one comes in via params. We should definitely
always use the one from the params if it differs from one stored in
the Rails session.
Mike
On Jul 17, 2008, at 11:43 AM, Christopher Redinger wrote:
> I haven''t been able to look into this too deeply yet, but I was
> wondering if anybody had any insight into this problem.
>
> For some of my users, Facebook is sending a Facebooker::Session object
> with a session_key, let''s say it''s ABC. This is the one
that gets
> returned by Facebooker as my facebook_session, in set_facebook_session
> via session_already_secured?
>
> However, if I try to actually use it, I''ll get the well known
> ''Facebooker::Session::SessionExpired Exception: Session key
invalid or
> no longer valid'' error. It does appear to be a valid key for that
> user, since it does have the users id tacked onto the end of it.
>
> If I look in facebook_params, I see another session_key, let''s say
> DEF. If I use this key, for instance using the
> secure_with_facebook_params! method, I can use it just fine.
>
> Frustratingly, this problem doesn''t happen for all users.
Sometimes
> the key in facebook_params and in the session are the same.
>
> Any ideas on what might be going on? At this point I''m considering
> always using the secure_with_facebook_params! method, and just
> ignoring the session_already_secured? response.
>
> --
> Christopher Redinger
> http://www.agiledisciple.com
> _______________________________________________
> Facebooker-talk mailing list
> Facebooker-talk at rubyforge.org
> http://rubyforge.org/mailman/listinfo/facebooker-talk
--
Mike Mangino
http://www.elevatedrails.com