Invalid Facebook ID cached when renewing access token

[f2bo]

In the LoginAsync method of the FacebookSessionClient, whenever a cached access token expires, it's renewed by prompting with the OAuth dialog again. If the user changes the identity used to log in, the new session is cached, but the Facebook ID is never requested again, so the session data contains an access token for the new user but the Facebook ID corresponds to the previous user.

...
// Prompt OAuth dialog if force renew is true or
// if new permissions are requested or 
// if the access token is expired.
if (force || newPermissions || session.Expires <= DateTime.UtcNow)
{
    var authResult = await PromptOAuthDialog(permissions, WebAuthenticationOptions.None);
    if (authResult != null)
    {
        // THIS IS REUSING THE PREVIOUS SESSION OBJECT WITH A STALE ID
        session.AccessToken = authResult.AccessToken;
        session.Expires = authResult.Expires;
    }
}
...

[cwhsu1984]

My god... 5 months already and it hasn't been fixed... This is just the issue I saw on Windows phone 8 today, and according to Facebook custom webview should not be used from now on!!

[sanjeevdwivedi]

This issue has been fixed with the refactoring of the SDK.