Facebook Infinite Session Keys Are NOT Dead!

As the title suggests, Facebook claims to have done away with infinite session keys for some time now. What most of the wiki-based documentation doesn’t tell you, though, is that they’re still around, but under a different name, and they’re not acquired in the same way. It’s now a rather convoluted process, but here’s what you have to do:

  1. Type the following URL into a browser window, replacing YOUR_API_KEY with your Facebook app’s API key:


  2. If you’re not logged in, you’ll be prompted to do so, and you’ll then be redirected to the URL that you set as your default Canvas page. Note that appended to the redirected URL you will now have an auth_token parameter, but that’s not what we’re after.
  3. To get the infinite session key, you now have to go to the following URL, again replacing YOUR_API_KEY with your Facebook app’s API key:


  4. This time around, you’ll land on a Facebook page, prompting you to generate a special code. Click ‘Generate’, and you’ll now get your special one-time code, which will be used to generate the infinite session key.
  5. Using the PHP library provided by Facebook, you need to call auth_getSession() in a temporary PHP file, which I called test.php. Be sure to set the $facebook_api_key and $facebook_api_secret variables to the ones corresponding to your app, and $auth_token should be 5 character value that you got back from Facebook in the previous step. You’ll also need to include the Facebook PHP Library before the following code, of course!

    $facebook = new Facebook($facebook_api_key, $facebook_api_secret);

    $infinite_key_array = $facebook->api_client->auth_getSession($auth_token);


  6. Load this test file in your browser, and you’ll see an array printed out, with the first item labeled ‘session_key’, which you guessed it, is your infinite session key. Finally! Note that the ‘expires’ field is set to ‘0’, confirming that it really is an infinite key.
  7. Now for the last tricky part.. how to actually use this infinite session key. Whenever you initiate a new Facebook object, just tack on the following code right after. Note that I keep the infinite session key in a variable in a data file, so that way if it ever changes, I can change it in one place and have it work everywhere else. The $facebook_userid is simply your Facebook userid, mine is 626200190.

    $facebook->api_client->user = $facebook_userid;

    $facebook->api_client->session_key = $facebook_infinite_session_key;

    $facebook->api_client->expires = 0;

With the above code, you can now run cron jobs to update users’ FBML pages, post events through the API, and more. For the latter, be sure you also visit this page to grant yourself the required extended permissions.

If you have any questions, don’t hesitate to contact me, or leave a comment.

Read More | January 18, 2009