search

agorapulse / grails-facebook-sdk

Facebook SDK Grails Plugin
http://agorapulse.github.com/grails-facebook-sdk/guide
30 stars 13 forks source link

What happens if token expires and cookie is still alive? #41

Closed confile closed 11 years ago

confile commented 11 years ago

If I set the rememberMe cookie to 3 months and the facebook token lifetime is only two months what happens in this case with the application? Does it raises an error? Or does the facebook sdk request a new token?

What would be a good practice?

benorama commented 11 years ago

Yes, it will generate an exception if the token is expired or not valid anymore when you'll try to use it on Facebook APIs. That's why you need to try/catch all your calls to the APIs: you need to handle invalid/expired tokens everywhere. For example, if a user changes his password on Facebook, the token will not be valid anymore.

If you have an invalid token exception, you can call the facebookContext.user.invalidate(), it will delete the Facebook cookies and Facebook related session data.

try {
  // Do some API calls
} catch (FacebookException exception) {
  if (exception.message.find('Error validating access token')) {
    facebookContext.user.invalidate()
    // Then redirect to login page
  }
}