Viewed   74 times

In the PHP 3.0 SDK there is no getSession() or any session handling from outside the Facebook api available. Some days ago the developers of facebook have also somehow updated the JavaScript sdk, according to this blog entry and this bug report.

Within the last few days, a change was introduced into the hosted JS SDK which broke all compatility between it and the current PHP SDK (2.x and 3.x). Developers who utilize both the JS and PHP SDK on their websites are likely to see server-side API failure.

However, I don't know if that really effects my problem. Like in this question's answer I am retrieving the access token of the OAuth dialog with PHP and save the new access token in the session.

Current workaround

The following code shows how I am handling this sessions. $_REQUEST['session'] is the content of the response of the OAuth dialog.

if(isset($_REQUEST['session'])) {

    $response = json_decode(stripslashes($_REQUEST['session']), true);

    if(isset($response['access_token'])) {
        $_SESSION['access_token'] = $this->api->getAccessToken();

elseif(isset($_SESSION['access_token']) && ! isset($_REQUEST['signed_request'])) 
elseif(isset($_REQUEST['signed_request'])) {
    $_SESSION['access_token'] = '';

Here is how I handle the user data:

try {
    $this->user = Session::getVar('fbuser');
    if ($this->user === false || is_null($this->user)) {
        $facebookUser = $this->api->api('me?fields=id,name,first_name,last_name');
        $this->user = new FBUserModel(array('fbId' => $facebookUser['fbId'], ...));
        Session::setVar('fbuser', $this->user);

The Problem

Everything looks fine while testing. Only once an error occured: the first time after permission was set. Now, since the app is online, it seems as if the error occurs on average with every second user in

$facebookUser = $this->api->api('me?fields=id,name,first_name,last_name');

with the error:

An active access token must be used to query information about the current user.


So why is this happening? It is very hard to debug since the error seems to only occur when a user enters the app the first time, after the app authentication and the access token has changed. And even that is not happening every time. How should I handle the session and access token right with the new PHP SDK?

Any help would be highly appreciatied!


I found out that there are some IE issues with cookies/session inside an iFrame. As seen in this blog post. With that hint and some further research I added the following lines in my bootstrap:

ini_set('session.use_trans_sid', 1);

Now its much better, but the information from about 2 of 50 users get lost between the steps landing page (authentication) -> formular -> and registration. So there is still something I missed.

Edit 2

I edited my user handling from

if ($this->user === false || is_null($this->user)) {
    // get user data


if ((is_object($this->user) && $this->user->fbId == '') || $this->user === false || is_null($this->user)) {
    // get user data

This seems to help a little bit. I think the main problem is somewhere in my session.

Furthermore I added a try/catch block to see if somewhere in my app a Facebook OAuthException is thrown. If this is the case, I redirect the top location to the Facebook Page and Tab to get a new signed request. Though this might help solve this problem, I want to prevent my app from having to redirect the user.

Edit 3

After some days of intense debugging and logging I found out, that the $_REQUEST['session'] coming from the FB.ui permissions.request method is empty infrequently.

Here is how I handle it:

This is the stuff I always included:

FB.provide("UIServer.Methods", {'permissions.request': {size : {width: 575, height: 300}, url: 'connect/uiserver.php', transform : FB.UIServer.genericTransform}});

And this function is called on form submit. Always worked for me, but somehow it still sends the form although session == ''.

function getPermission(form) {

    session = $('#' + $(form).attr('id') + ' input[name="session"]');

    if($(session).val() != '') {

    FB.ui({method: "permissions.request", "perms": 'user_photos'}, function callback(info){
        if(info.status=='connected' && info.session !== null) {



My solution

Well, since everything I did was just a workaround until the new JS SDK comes out, there seems to be no best practice. Setting session.use_trans_sid to 1 and adding the P3P header helped to overcome IE iFrame cookie issues (see my first edit). After a few days of heavy debugging I found out, that FB.ui's permission_request does not send a new access token everytime (<5%).

If this happens, something went wrong. But this little something is driving me crazy. Since this happens infrequently, I can bear redirecting users back to the facebook tab to get a new signed request. With the new JS SDK, hopefully, this won't happen anymore.

Update: final solution

There was one little thing I have overseen and the solution can be found here: FB is not defined problem
I did not load the JS SDK asynchronously! This explains everything. Sometimes the all.js file was not loaded fast enough, so there was a JS error. Due to that, neither the permission dialog nor the JS validation worked and an empty #session input value was sent.

Thursday, August 18, 2022

I hope that I have just found the answer.


require 'facebook.php';

// Create our Application instance.
$facebook = new Facebook(array(
  'appId'  => '',
  'secret' => '',
  'cookie' => true,

//If the database contains user's session, use it.
$session = array(
    'uid' => '',
    'session_key' => '',
    'secret' => '',
    'access_token' => ''
$sessionStr = '';
foreach($session as $sessionKey => $sessionValue) $sessionStr .= implode('=', array($sessionKey, $sessionValue));
$session['sig'] = md5($sessionStr.'App Secret');
$facebook->setSession($session, false);

Tuesday, October 25, 2022

You need to make an API call, for this you can use Facebook Graph API. Look at the following API for albums

This is for generic purpose, however you need to first pull all the friends from here

To fetch the albums of a friend you also need to set permissions


You can simply fetch the album like this{userId}/albums?accessToken=something

PS. you need to pull albums of friends one by one.

Thursday, October 20, 2022

Ok... Not to sure what the exact details of why your session are acting like this - I must state too that I am not very well versed in PHP sessions and have not has extensive experience with them.

My suggestion would be to let the JavaScript SDK do its work... let it "re-detect" your session successfully and after it has done so, make an AJAX call to your server. In the processing of that call you can create and re-initiate the PHP SDK hence reviving your session.

Additionally you could call the FB.getAuthResponse periodically to ensure that the users session is still valid ( at least in the JavaScript SDK ).

From the Fb.getLoginStatus() documentation :

    status: 'connected',
    authResponse: {
        accessToken: '...',
} }

By testing for the presence of the authResponse object within the response object, you can be sure the user is known to your app and you can begin to make further calls to the Facebook APIs. If the authResponse object is not present, the user is either not logged into Facebook, or has not authorized your app.

Sunday, November 20, 2022

I ended up creating an integration of my own, you can download it here from GitHub:

Wednesday, October 26, 2022
Only authorized users can answer the search term. Please sign in first, or register a free account.
Not the answer you're looking for? Browse other questions tagged :