Facebooker talk - Mar 2008 - Facebooker::Session::SessionExpired (Session key invalid or no longer valid)

Hi All,

I''m having horrible problems with this exception, which seems to happen
as
soon as I access the session object.  Does anyone know what the path is to
recover from this?  This post looked to be the most promising:
http://rubyforge.org/pipermail/facebooker-talk/2007-December/000047.html

And I followed all of the steps except switching my session store, and
modifying the default protect_from_forgery setting, as I wasn''t
comfortable
doing either just for the sake of this plugin.  In any case, I''d still
want
to know how to handle this exception once it''s thrown, since it
doesn''t seem
like the kind of thing that''s totally fatal.

As soon as I try to access the uid of the logged in user, I get this:

Facebooker::Session::SessionExpired (Session key invalid or no longer
valid):
    /vendor/plugins/facebooker/lib/facebooker/parser.rb:386:in
`process''
    /vendor/plugins/facebooker/lib/facebooker/parser.rb:15:in `parse''
    /vendor/plugins/facebooker/lib/facebooker/service.rb:13:in `post''
    /vendor/plugins/facebooker/lib/facebooker/session.rb:399:in `post''
    /vendor/plugins/facebooker/lib/facebooker/models/user.rb:71:in
`populate''
    /vendor/plugins/facebooker/lib/facebooker/model.rb:35:in `uid''

I''m trying to figure out how to recover, create a new session if this
one is
invalid.

Thanks!
Tom
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://rubyforge.org/pipermail/facebooker-talk/attachments/20080324/f1378fa2/attachment.html

Hey,

I was having this problem yesterday, but it got resolved after I
switched to Active Record session store.



Jatinder

On Mon, Mar 24, 2008 at 7:21 PM, Tom Lianza <tom at lianza.org>
wrote:
> Hi All,
>
> I''m having horrible problems with this exception, which seems to
happen as
> soon as I access the session object.  Does anyone know what the path is to
> recover from this?  This post looked to be the most promising:
> http://rubyforge.org/pipermail/facebooker-talk/2007-December/000047.html
>
> And I followed all of the steps except switching my session store, and
> modifying the default protect_from_forgery setting, as I wasn''t
comfortable
> doing either just for the sake of this plugin.  In any case, I''d
still want
> to know how to handle this exception once it''s thrown, since it
doesn''t seem
> like the kind of thing that''s totally fatal.
>
> As soon as I try to access the uid of the logged in user, I get this:
>
> Facebooker::Session::SessionExpired (Session key invalid or no longer
> valid):
>     /vendor/plugins/facebooker/lib/facebooker/parser.rb:386:in
`process''
>      /vendor/plugins/facebooker/lib/facebooker/parser.rb:15:in
`parse''
>     /vendor/plugins/facebooker/lib/facebooker/service.rb:13:in
`post''
>     /vendor/plugins/facebooker/lib/facebooker/session.rb:399:in
`post''
>      /vendor/plugins/facebooker/lib/facebooker/models/user.rb:71:in
> `populate''
>     /vendor/plugins/facebooker/lib/facebooker/model.rb:35:in `uid''
>
> I''m trying to figure out how to recover, create a new session if
this one is
> invalid.
>
> Thanks!
> Tom
>
> _______________________________________________
>  Facebooker-talk mailing list
>  Facebooker-talk at rubyforge.org
>  http://rubyforge.org/mailman/listinfo/facebooker-talk
>
>

Yeah,  storing sessions in cookies is problematic with facebook.
The protect from forgery setting is necessary when doing ajax through the
Facebook Proxy.

Dave

On Mon, Mar 24, 2008 at 8:23 PM, Jatinder Singh <jatinder.saundh at
gmail.com>
wrote:
> Hey,
>
> I was having this problem yesterday, but it got resolved after I
> switched to Active Record session store.
>
>
>
> Jatinder
>
> On Mon, Mar 24, 2008 at 7:21 PM, Tom Lianza <tom at lianza.org>
wrote:
> > Hi All,
> >
> > I''m having horrible problems with this exception, which seems
to happen
> as
> > soon as I access the session object.  Does anyone know what the path
is
> to
> > recover from this?  This post looked to be the most promising:
> >
http://rubyforge.org/pipermail/facebooker-talk/2007-December/000047.html
> >
> > And I followed all of the steps except switching my session store, and
> > modifying the default protect_from_forgery setting, as I
wasn''t
> comfortable
> > doing either just for the sake of this plugin.  In any case,
I''d still
> want
> > to know how to handle this exception once it''s thrown, since
it doesn''t
> seem
> > like the kind of thing that''s totally fatal.
> >
> > As soon as I try to access the uid of the logged in user, I get this:
> >
> > Facebooker::Session::SessionExpired (Session key invalid or no longer
> > valid):
> >     /vendor/plugins/facebooker/lib/facebooker/parser.rb:386:in
`process''
> >      /vendor/plugins/facebooker/lib/facebooker/parser.rb:15:in
`parse''
> >     /vendor/plugins/facebooker/lib/facebooker/service.rb:13:in
`post''
> >     /vendor/plugins/facebooker/lib/facebooker/session.rb:399:in
`post''
> >      /vendor/plugins/facebooker/lib/facebooker/models/user.rb:71:in
> > `populate''
> >     /vendor/plugins/facebooker/lib/facebooker/model.rb:35:in
`uid''
> >
> > I''m trying to figure out how to recover, create a new session
if this
> one is
> > invalid.
> >
> > Thanks!
> > Tom
> >
> > _______________________________________________
> >  Facebooker-talk mailing list
> >  Facebooker-talk at rubyforge.org
> >  http://rubyforge.org/mailman/listinfo/facebooker-talk
> >
> >
> _______________________________________________
> Facebooker-talk mailing list
> Facebooker-talk at rubyforge.org
> http://rubyforge.org/mailman/listinfo/facebooker-talk
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://rubyforge.org/pipermail/facebooker-talk/attachments/20080324/fc0887e9/attachment.html

Thank you all for the much appreciated help, but it doesn''t appear to
resolve the issue (aside from making it easier to clear my sessions, since I
can now just run DELETE against the database).

If I clear my session in the database, the error goes away.  If I install
the app, it works fine.  If I uninstall it and return to it, invariably, my
session key has become invalid again.  I understand that the app is not
installed (and parts of my app don''t require installation) but I
don''t
understand why my session is "invalid."

As per the facebooker tutorial, I have a before_filter on all of my actions
that looks like this:

def setup_facebook_session
    set_facebook_session
    @current_facebook_session = facebook_session
end

I then interrogate that instance variable, which is then throwing the
exception when I access properties of the user.

Thanks,
Tom

On Mon, Mar 24, 2008 at 7:39 PM, David Clements <digidigo at gmail.com>
wrote:
> Yeah,  storing sessions in cookies is problematic with facebook.
> The protect from forgery setting is necessary when doing ajax through the
> Facebook Proxy.
>
> Dave
>
>
> On Mon, Mar 24, 2008 at 8:23 PM, Jatinder Singh <jatinder.saundh at
gmail.com>
> wrote:
>
> > Hey,
> >
> > I was having this problem yesterday, but it got resolved after I
> > switched to Active Record session store.
> >
> >
> >
> > Jatinder
> >
> > On Mon, Mar 24, 2008 at 7:21 PM, Tom Lianza <tom at lianza.org>
wrote:
> > > Hi All,
> > >
> > > I''m having horrible problems with this exception, which
seems to
> > happen as
> > > soon as I access the session object.  Does anyone know what the
path
> > is to
> > > recover from this?  This post looked to be the most promising:
> > >
> >
http://rubyforge.org/pipermail/facebooker-talk/2007-December/000047.html
> > >
> > > And I followed all of the steps except switching my session
store, and
> > > modifying the default protect_from_forgery setting, as I
wasn''t
> > comfortable
> > > doing either just for the sake of this plugin.  In any case,
I''d still
> > want
> > > to know how to handle this exception once it''s thrown,
since it
> > doesn''t seem
> > > like the kind of thing that''s totally fatal.
> > >
> > > As soon as I try to access the uid of the logged in user, I get
this:
> > >
> > > Facebooker::Session::SessionExpired (Session key invalid or no
longer
> > > valid):
> > >     /vendor/plugins/facebooker/lib/facebooker/parser.rb:386:in
> > `process''
> > >      /vendor/plugins/facebooker/lib/facebooker/parser.rb:15:in
`parse''
> > >     /vendor/plugins/facebooker/lib/facebooker/service.rb:13:in
`post''
> > >     /vendor/plugins/facebooker/lib/facebooker/session.rb:399:in
`post''
> > >     
/vendor/plugins/facebooker/lib/facebooker/models/user.rb:71:in
> > > `populate''
> > >     /vendor/plugins/facebooker/lib/facebooker/model.rb:35:in
`uid''
> > >
> > > I''m trying to figure out how to recover, create a new
session if this
> > one is
> > > invalid.
> > >
> > > Thanks!
> > > Tom
> > >
> > > _______________________________________________
> > >  Facebooker-talk mailing list
> > >  Facebooker-talk at rubyforge.org
> > >  http://rubyforge.org/mailman/listinfo/facebooker-talk
> > >
> > >
> > _______________________________________________
> > Facebooker-talk mailing list
> > Facebooker-talk at rubyforge.org
> > http://rubyforge.org/mailman/listinfo/facebooker-talk
> >
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://rubyforge.org/pipermail/facebooker-talk/attachments/20080324/5604ba88/attachment-0001.html

That message means that the session you have stored is no longer  
valid. This typically happens when you are using the wrong session  
key. Are you sure that the session key you are using matches the one  
that came from Facebook for that user?

Mike


On Mar 24, 2008, at 10:21 PM, Tom Lianza wrote:
> Thank you all for the much appreciated help, but it doesn''t appear
> to resolve the issue (aside from making it easier to clear my  
> sessions, since I can now just run DELETE against the database).
>
> If I clear my session in the database, the error goes away.  If I  
> install the app, it works fine.  If I uninstall it and return to it,  
> invariably, my session key has become invalid again.  I understand  
> that the app is not installed (and parts of my app don''t require  
> installation) but I don''t understand why my session is
"invalid."
>
> As per the facebooker tutorial, I have a before_filter on all of my  
> actions that looks like this:
>
> def setup_facebook_session
>     set_facebook_session
>     @current_facebook_session = facebook_session
> end
>
> I then interrogate that instance variable, which is then throwing  
> the exception when I access properties of the user.
>
> Thanks,
> Tom
>
> On Mon, Mar 24, 2008 at 7:39 PM, David Clements <digidigo at
gmail.com>
> wrote:
> Yeah,  storing sessions in cookies is problematic with facebook.
>
> The protect from forgery setting is necessary when doing ajax  
> through the Facebook Proxy.
>
> Dave
>
>
> On Mon, Mar 24, 2008 at 8:23 PM, Jatinder Singh <jatinder.saundh at
gmail.com
> > wrote:
> Hey,
>
> I was having this problem yesterday, but it got resolved after I
> switched to Active Record session store.
>
>
>
> Jatinder
>
> On Mon, Mar 24, 2008 at 7:21 PM, Tom Lianza <tom at lianza.org>
wrote:
> > Hi All,
> >
> > I''m having horrible problems with this exception, which seems
to
> happen as
> > soon as I access the session object.  Does anyone know what the  
> path is to
> > recover from this?  This post looked to be the most promising:
> >
http://rubyforge.org/pipermail/facebooker-talk/2007-December/000047.html
> >
> > And I followed all of the steps except switching my session store,  
> and
> > modifying the default protect_from_forgery setting, as I
wasn''t
> comfortable
> > doing either just for the sake of this plugin.  In any case,
I''d
> still want
> > to know how to handle this exception once it''s thrown, since
it
> doesn''t seem
> > like the kind of thing that''s totally fatal.
> >
> > As soon as I try to access the uid of the logged in user, I get  
> this:
> >
> > Facebooker::Session::SessionExpired (Session key invalid or no  
> longer
> > valid):
> >     /vendor/plugins/facebooker/lib/facebooker/parser.rb:386:in  
> `process''
> >      /vendor/plugins/facebooker/lib/facebooker/parser.rb:15:in  
> `parse''
> >     /vendor/plugins/facebooker/lib/facebooker/service.rb:13:in  
> `post''
> >     /vendor/plugins/facebooker/lib/facebooker/session.rb:399:in  
> `post''
> >      /vendor/plugins/facebooker/lib/facebooker/models/user.rb:71:in
> > `populate''
> >     /vendor/plugins/facebooker/lib/facebooker/model.rb:35:in
`uid''
> >
> > I''m trying to figure out how to recover, create a new session
if
> this one is
> > invalid.
> >
> > Thanks!
> > Tom
> >
> > _______________________________________________
> >  Facebooker-talk mailing list
> >  Facebooker-talk at rubyforge.org
> >  http://rubyforge.org/mailman/listinfo/facebooker-talk
> >
> >
> _______________________________________________
> Facebooker-talk mailing list
> Facebooker-talk at rubyforge.org
> http://rubyforge.org/mailman/listinfo/facebooker-talk
>
>
> _______________________________________________
> Facebooker-talk mailing list
> Facebooker-talk at rubyforge.org
> http://rubyforge.org/mailman/listinfo/facebooker-talk
--
Mike Mangino
http://www.elevatedrails.com

Thanks for the response, Mike.

I''m fairly certain it''s the request for that user, as
I''m in development
mode and I''m the only user of the app.  Also, I run that before_filter
on
*every* request to set the facebook session in an instance variable.  I was
following the pattern from the facebooker tutorial (rightly or wrongly).

I was hacking around and even put in a bit of logic to rescue from the
invalid session, and if so, attempt to create a new one.  It''s not code
I
want to keep in my app, but I was just trying to figure out if there exists
a way to rescue from this.  As it turns out, it still doesn''t work. 
The
plugin hands me an "invalid" session again.

begin
  fb_uid = @current_facebook_session.user.uid
rescue
  RAILS_DEFAULT_LOGGER.error("Rescuing from error when accessing facebook
session: #{$!}")
  #delete anything we may have stored in the current rails session
  session.delete
  #call out to the plugin to make sure we get a fb session back
  set_facebook_session
  @current_facebook_session = facebook_session
end

I was under the impression that the plugin was supposed to be managing this,
but my mental model may be wrong.  I''m not sure to what extent our apps
are
supposed to be managing/storing the session.  I think I heard someone
comment that they were putting the session id in the database with their
user model, but that didn''t make a lot of sense to me (based on the
metaphor
of what a "session" usually means).  Is that what people are doing?

Thanks!
Tom

On Tue, Mar 25, 2008 at 6:25 AM, Mike Mangino <mmangino at
elevatedrails.com>
wrote:
> That message means that the session you have stored is no longer
> valid. This typically happens when you are using the wrong session
> key. Are you sure that the session key you are using matches the one
> that came from Facebook for that user?
>
> Mike
>
>
> On Mar 24, 2008, at 10:21 PM, Tom Lianza wrote:
> > Thank you all for the much appreciated help, but it doesn''t
appear
> > to resolve the issue (aside from making it easier to clear my
> > sessions, since I can now just run DELETE against the database).
> >
> > If I clear my session in the database, the error goes away.  If I
> > install the app, it works fine.  If I uninstall it and return to it,
> > invariably, my session key has become invalid again.  I understand
> > that the app is not installed (and parts of my app don''t
require
> > installation) but I don''t understand why my session is
"invalid."
> >
> > As per the facebooker tutorial, I have a before_filter on all of my
> > actions that looks like this:
> >
> > def setup_facebook_session
> >     set_facebook_session
> >     @current_facebook_session = facebook_session
> > end
> >
> > I then interrogate that instance variable, which is then throwing
> > the exception when I access properties of the user.
> >
> > Thanks,
> > Tom
> >
> > On Mon, Mar 24, 2008 at 7:39 PM, David Clements <digidigo at
gmail.com>
> > wrote:
> > Yeah,  storing sessions in cookies is problematic with facebook.
> >
> > The protect from forgery setting is necessary when doing ajax
> > through the Facebook Proxy.
> >
> > Dave
> >
> >
> > On Mon, Mar 24, 2008 at 8:23 PM, Jatinder Singh <
> jatinder.saundh at gmail.com
> > > wrote:
> > Hey,
> >
> > I was having this problem yesterday, but it got resolved after I
> > switched to Active Record session store.
> >
> >
> >
> > Jatinder
> >
> > On Mon, Mar 24, 2008 at 7:21 PM, Tom Lianza <tom at lianza.org>
wrote:
> > > Hi All,
> > >
> > > I''m having horrible problems with this exception, which
seems to
> > happen as
> > > soon as I access the session object.  Does anyone know what the
> > path is to
> > > recover from this?  This post looked to be the most promising:
> > >
> http://rubyforge.org/pipermail/facebooker-talk/2007-December/000047.html
> > >
> > > And I followed all of the steps except switching my session
store,
> > and
> > > modifying the default protect_from_forgery setting, as I
wasn''t
> > comfortable
> > > doing either just for the sake of this plugin.  In any case,
I''d
> > still want
> > > to know how to handle this exception once it''s thrown,
since it
> > doesn''t seem
> > > like the kind of thing that''s totally fatal.
> > >
> > > As soon as I try to access the uid of the logged in user, I get
> > this:
> > >
> > > Facebooker::Session::SessionExpired (Session key invalid or no
> > longer
> > > valid):
> > >     /vendor/plugins/facebooker/lib/facebooker/parser.rb:386:in
> > `process''
> > >      /vendor/plugins/facebooker/lib/facebooker/parser.rb:15:in
> > `parse''
> > >     /vendor/plugins/facebooker/lib/facebooker/service.rb:13:in
> > `post''
> > >     /vendor/plugins/facebooker/lib/facebooker/session.rb:399:in
> > `post''
> > >     
/vendor/plugins/facebooker/lib/facebooker/models/user.rb:71:in
> > > `populate''
> > >     /vendor/plugins/facebooker/lib/facebooker/model.rb:35:in
`uid''
> > >
> > > I''m trying to figure out how to recover, create a new
session if
> > this one is
> > > invalid.
> > >
> > > Thanks!
> > > Tom
> > >
> > > _______________________________________________
> > >  Facebooker-talk mailing list
> > >  Facebooker-talk at rubyforge.org
> > >  http://rubyforge.org/mailman/listinfo/facebooker-talk
> > >
> > >
> > _______________________________________________
> > Facebooker-talk mailing list
> > Facebooker-talk at rubyforge.org
> > http://rubyforge.org/mailman/listinfo/facebooker-talk
> >
> >
> > _______________________________________________
> > Facebooker-talk mailing list
> > Facebooker-talk at rubyforge.org
> > http://rubyforge.org/mailman/listinfo/facebooker-talk
>
> --
> Mike Mangino
> http://www.elevatedrails.com
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://rubyforge.org/pipermail/facebooker-talk/attachments/20080325/b28e6dee/attachment.html

Hey Tom,

The before filter that you sent before calls "set_facebook_session" --
you
don''t need to do this, and I looked in the tutorial and I
don''t think I see
that anywhere. Can you point me to that?

If you are calling:

ensure_application_is_installed_by_facebook_user or
ensure_authenticated_to_facebook

facebooker will set up your facebook_session for you.  Also,  you
don''t need to call user.uid, user.id should suffice.

Dave



On Tue, Mar 25, 2008 at 11:15 AM, Tom Lianza <tom at lianza.org> wrote:
> Thanks for the response, Mike.
>
> I''m fairly certain it''s the request for that user, as
I''m in development
> mode and I''m the only user of the app.  Also, I run that
before_filter on
> *every* request to set the facebook session in an instance variable.  I was
> following the pattern from the facebooker tutorial (rightly or wrongly).
>
> I was hacking around and even put in a bit of logic to rescue from the
> invalid session, and if so, attempt to create a new one.  It''s not
code I
> want to keep in my app, but I was just trying to figure out if there exists
> a way to rescue from this.  As it turns out, it still doesn''t
work.  The
> plugin hands me an "invalid" session again.
>
> begin
>   fb_uid = @current_facebook_session.user.uid
> rescue
>   RAILS_DEFAULT_LOGGER.error("Rescuing from error when accessing
facebook
> session: #{$!}")
>   #delete anything we may have stored in the current rails session
>   session.delete
>   #call out to the plugin to make sure we get a fb session back
>   set_facebook_session
>   @current_facebook_session = facebook_session
> end
>
> I was under the impression that the plugin was supposed to be managing
> this, but my mental model may be wrong.  I''m not sure to what
extent our
> apps are supposed to be managing/storing the session.  I think I heard
> someone comment that they were putting the session id in the database with
> their user model, but that didn''t make a lot of sense to me (based
on the
> metaphor of what a "session" usually means).  Is that what people
are doing?
>
> Thanks!
> Tom
>
>
> On Tue, Mar 25, 2008 at 6:25 AM, Mike Mangino <mmangino at
elevatedrails.com>
> wrote:
>
> > That message means that the session you have stored is no longer
> > valid. This typically happens when you are using the wrong session
> > key. Are you sure that the session key you are using matches the one
> > that came from Facebook for that user?
> >
> > Mike
> >
> >
> > On Mar 24, 2008, at 10:21 PM, Tom Lianza wrote:
> > > Thank you all for the much appreciated help, but it
doesn''t appear
> > > to resolve the issue (aside from making it easier to clear my
> > > sessions, since I can now just run DELETE against the database).
> > >
> > > If I clear my session in the database, the error goes away.  If I
> > > install the app, it works fine.  If I uninstall it and return to
it,
> > > invariably, my session key has become invalid again.  I
understand
> > > that the app is not installed (and parts of my app don''t
require
> > > installation) but I don''t understand why my session is
"invalid."
> > >
> > > As per the facebooker tutorial, I have a before_filter on all of
my
> > > actions that looks like this:
> > >
> > > def setup_facebook_session
> > >     set_facebook_session
> > >     @current_facebook_session = facebook_session
> > > end
> > >
> > > I then interrogate that instance variable, which is then throwing
> > > the exception when I access properties of the user.
> > >
> > > Thanks,
> > > Tom
> > >
> > > On Mon, Mar 24, 2008 at 7:39 PM, David Clements <digidigo at
gmail.com>
> > > wrote:
> > > Yeah,  storing sessions in cookies is problematic with facebook.
> > >
> > > The protect from forgery setting is necessary when doing ajax
> > > through the Facebook Proxy.
> > >
> > > Dave
> > >
> > >
> > > On Mon, Mar 24, 2008 at 8:23 PM, Jatinder Singh <
> > jatinder.saundh at gmail.com
> > > > wrote:
> > > Hey,
> > >
> > > I was having this problem yesterday, but it got resolved after I
> > > switched to Active Record session store.
> > >
> > >
> > >
> > > Jatinder
> > >
> > > On Mon, Mar 24, 2008 at 7:21 PM, Tom Lianza <tom at
lianza.org> wrote:
> > > > Hi All,
> > > >
> > > > I''m having horrible problems with this exception,
which seems to
> > > happen as
> > > > soon as I access the session object.  Does anyone know what
the
> > > path is to
> > > > recover from this?  This post looked to be the most
promising:
> > > >
> >
http://rubyforge.org/pipermail/facebooker-talk/2007-December/000047.html
> > > >
> > > > And I followed all of the steps except switching my session
store,
> > > and
> > > > modifying the default protect_from_forgery setting, as I
wasn''t
> > > comfortable
> > > > doing either just for the sake of this plugin.  In any case,
I''d
> > > still want
> > > > to know how to handle this exception once it''s
thrown, since it
> > > doesn''t seem
> > > > like the kind of thing that''s totally fatal.
> > > >
> > > > As soon as I try to access the uid of the logged in user, I
get
> > > this:
> > > >
> > > > Facebooker::Session::SessionExpired (Session key invalid or
no
> > > longer
> > > > valid):
> > > >    
/vendor/plugins/facebooker/lib/facebooker/parser.rb:386:in
> > > `process''
> > > >     
/vendor/plugins/facebooker/lib/facebooker/parser.rb:15:in
> > > `parse''
> > > >    
/vendor/plugins/facebooker/lib/facebooker/service.rb:13:in
> > > `post''
> > > >    
/vendor/plugins/facebooker/lib/facebooker/session.rb:399:in
> > > `post''
> > > >     
/vendor/plugins/facebooker/lib/facebooker/models/user.rb:71:in
> > > > `populate''
> > > >     /vendor/plugins/facebooker/lib/facebooker/model.rb:35:in
`uid''
> > > >
> > > > I''m trying to figure out how to recover, create a
new session if
> > > this one is
> > > > invalid.
> > > >
> > > > Thanks!
> > > > Tom
> > > >
> > > > _______________________________________________
> > > >  Facebooker-talk mailing list
> > > >  Facebooker-talk at rubyforge.org
> > > >  http://rubyforge.org/mailman/listinfo/facebooker-talk
> > > >
> > > >
> > > _______________________________________________
> > > Facebooker-talk mailing list
> > > Facebooker-talk at rubyforge.org
> > > http://rubyforge.org/mailman/listinfo/facebooker-talk
> > >
> > >
> > > _______________________________________________
> > > Facebooker-talk mailing list
> > > Facebooker-talk at rubyforge.org
> > > http://rubyforge.org/mailman/listinfo/facebooker-talk
> >
> > --
> > Mike Mangino
> > http://www.elevatedrails.com
> >
> >
> >
> >
>
> _______________________________________________
> Facebooker-talk mailing list
> Facebooker-talk at rubyforge.org
> http://rubyforge.org/mailman/listinfo/facebooker-talk
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://rubyforge.org/pipermail/facebooker-talk/attachments/20080325/bee65722/attachment-0001.html

I think I finally understand Facebook sessions:
http://www.inter-sections.net/2007/10/22/the-low-down-on-facebook-sessions/

As it turns out, when a user uninstalls your app, the session key becomes
invalid.  The key is an infinitely-timed as long as they have your app
installed.  However, it appears that even after a user uninstalls the app,
facebooker will continue to send that stale key.  I presume that''s
because
it has no way of knowing that the key has become stale (.expired? still
returns false).  I''m not sure if this is a facebooker bug or a
limitation of
the facebook platform.

This is the issue I was bumping into.  The reason I''m probably hitting
it
moreso than others is that I''m calling set_facebook_session separately
from
ensure_application... etc.  The reason I''m doing *that* is because
I''m using
RESTful authentication.  When a user hits my pages (either inside facebook
our outside) they get checked for authentication.  This is *different* from
requiring them to have an application installed.  If they''re not
authenticated (and they''re trying to do something that requires it),
*then*
I call ensure_application... etc. But, not everything requires them to have
the application installed, so I don''t call ensure_application... on
every
request, but I do call set_facebook_session.

So, currently when I check the user, I just rescue
Facebooker::Session::SessionExpired, and assume when I encounter that, that
the user is not logged in (because they''d installed and removed the
app).
Kinda gross, but seems to do the job.  I''m open to suggestions.  If
nothing
else, I hope this post helps someone.

Thanks!
Tom

On Tue, Mar 25, 2008 at 10:45 AM, David Clements <digidigo at gmail.com>
wrote:
> Hey Tom,
>
> The before filter that you sent before calls
"set_facebook_session" -- you
> don''t need to do this, and I looked in the tutorial and I
don''t think I see
> that anywhere. Can you point me to that?
>
> If you are calling:
>
> ensure_application_is_installed_by_facebook_user or
ensure_authenticated_to_facebook
>
> facebooker will set up your facebook_session for you.  Also,  you
don''t need to call user.uid, user.id should suffice.
>
> Dave
>
>
>
> On Tue, Mar 25, 2008 at 11:15 AM, Tom Lianza <tom at lianza.org>
wrote:
>
> > Thanks for the response, Mike.
> >
> > I''m fairly certain it''s the request for that user,
as I''m in development
> > mode and I''m the only user of the app.  Also, I run that
before_filter on
> > *every* request to set the facebook session in an instance variable. 
I was
> > following the pattern from the facebooker tutorial (rightly or
wrongly).
> >
> > I was hacking around and even put in a bit of logic to rescue from the
> > invalid session, and if so, attempt to create a new one. 
It''s not code I
> > want to keep in my app, but I was just trying to figure out if there
exists
> > a way to rescue from this.  As it turns out, it still doesn''t
work.  The
> > plugin hands me an "invalid" session again.
> >
> > begin
> >   fb_uid = @current_facebook_session.user.uid
> > rescue
> >   RAILS_DEFAULT_LOGGER.error("Rescuing from error when accessing
> > facebook session: #{$!}")
> >   #delete anything we may have stored in the current rails session
> >   session.delete
> >   #call out to the plugin to make sure we get a fb session back
> >   set_facebook_session
> >   @current_facebook_session = facebook_session
> > end
> >
> > I was under the impression that the plugin was supposed to be managing
> > this, but my mental model may be wrong.  I''m not sure to what
extent our
> > apps are supposed to be managing/storing the session.  I think I heard
> > someone comment that they were putting the session id in the database
with
> > their user model, but that didn''t make a lot of sense to me
(based on the
> > metaphor of what a "session" usually means).  Is that what
people are doing?
> >
> > Thanks!
> > Tom
> >
> >
> > On Tue, Mar 25, 2008 at 6:25 AM, Mike Mangino <
> > mmangino at elevatedrails.com> wrote:
> >
> > > That message means that the session you have stored is no longer
> > > valid. This typically happens when you are using the wrong
session
> > > key. Are you sure that the session key you are using matches the
one
> > > that came from Facebook for that user?
> > >
> > > Mike
> > >
> > >
> > > On Mar 24, 2008, at 10:21 PM, Tom Lianza wrote:
> > > > Thank you all for the much appreciated help, but it
doesn''t appear
> > > > to resolve the issue (aside from making it easier to clear
my
> > > > sessions, since I can now just run DELETE against the
database).
> > > >
> > > > If I clear my session in the database, the error goes away. 
If I
> > > > install the app, it works fine.  If I uninstall it and
return to it,
> > > > invariably, my session key has become invalid again.  I
understand
> > > > that the app is not installed (and parts of my app
don''t require
> > > > installation) but I don''t understand why my session
is "invalid."
> > > >
> > > > As per the facebooker tutorial, I have a before_filter on
all of my
> > > > actions that looks like this:
> > > >
> > > > def setup_facebook_session
> > > >     set_facebook_session
> > > >     @current_facebook_session = facebook_session
> > > > end
> > > >
> > > > I then interrogate that instance variable, which is then
throwing
> > > > the exception when I access properties of the user.
> > > >
> > > > Thanks,
> > > > Tom
> > > >
> > > > On Mon, Mar 24, 2008 at 7:39 PM, David Clements <digidigo
at gmail.com>
> > > > wrote:
> > > > Yeah,  storing sessions in cookies is problematic with
facebook.
> > > >
> > > > The protect from forgery setting is necessary when doing
ajax
> > > > through the Facebook Proxy.
> > > >
> > > > Dave
> > > >
> > > >
> > > > On Mon, Mar 24, 2008 at 8:23 PM, Jatinder Singh <
> > > jatinder.saundh at gmail.com
> > > > > wrote:
> > > > Hey,
> > > >
> > > > I was having this problem yesterday, but it got resolved
after I
> > > > switched to Active Record session store.
> > > >
> > > >
> > > >
> > > > Jatinder
> > > >
> > > > On Mon, Mar 24, 2008 at 7:21 PM, Tom Lianza <tom at
lianza.org> wrote:
> > > > > Hi All,
> > > > >
> > > > > I''m having horrible problems with this
exception, which seems to
> > > > happen as
> > > > > soon as I access the session object.  Does anyone know
what the
> > > > path is to
> > > > > recover from this?  This post looked to be the most
promising:
> > > > >
> > >
http://rubyforge.org/pipermail/facebooker-talk/2007-December/000047.html
> > > > >
> > > > > And I followed all of the steps except switching my
session store,
> > > > and
> > > > > modifying the default protect_from_forgery setting, as
I wasn''t
> > > > comfortable
> > > > > doing either just for the sake of this plugin.  In any
case, I''d
> > > > still want
> > > > > to know how to handle this exception once it''s
thrown, since it
> > > > doesn''t seem
> > > > > like the kind of thing that''s totally fatal.
> > > > >
> > > > > As soon as I try to access the uid of the logged in
user, I get
> > > > this:
> > > > >
> > > > > Facebooker::Session::SessionExpired (Session key
invalid or no
> > > > longer
> > > > > valid):
> > > > >    
/vendor/plugins/facebooker/lib/facebooker/parser.rb:386:in
> > > > `process''
> > > > >     
/vendor/plugins/facebooker/lib/facebooker/parser.rb:15:in
> > > > `parse''
> > > > >    
/vendor/plugins/facebooker/lib/facebooker/service.rb:13:in
> > > > `post''
> > > > >    
/vendor/plugins/facebooker/lib/facebooker/session.rb:399:in
> > > > `post''
> > > > >
> > >  /vendor/plugins/facebooker/lib/facebooker/models/user.rb:71:in
> > > > > `populate''
> > > > >    
/vendor/plugins/facebooker/lib/facebooker/model.rb:35:in `uid''
> > > > >
> > > > > I''m trying to figure out how to recover,
create a new session if
> > > > this one is
> > > > > invalid.
> > > > >
> > > > > Thanks!
> > > > > Tom
> > > > >
> > > > > _______________________________________________
> > > > >  Facebooker-talk mailing list
> > > > >  Facebooker-talk at rubyforge.org
> > > > >  http://rubyforge.org/mailman/listinfo/facebooker-talk
> > > > >
> > > > >
> > > > _______________________________________________
> > > > Facebooker-talk mailing list
> > > > Facebooker-talk at rubyforge.org
> > > > http://rubyforge.org/mailman/listinfo/facebooker-talk
> > > >
> > > >
> > > > _______________________________________________
> > > > Facebooker-talk mailing list
> > > > Facebooker-talk at rubyforge.org
> > > > http://rubyforge.org/mailman/listinfo/facebooker-talk
> > >
> > > --
> > > Mike Mangino
> > > http://www.elevatedrails.com
> > >
> > >
> > >
> > >
> >
> > _______________________________________________
> > Facebooker-talk mailing list
> > Facebooker-talk at rubyforge.org
> > http://rubyforge.org/mailman/listinfo/facebooker-talk
> >
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://rubyforge.org/pipermail/facebooker-talk/attachments/20080325/0f13de90/attachment.html