C# - Facebook API Errors With "Session Key Invalid Or No Longer Valid"?
Mar 10, 2010
Doing some work with Facebook connect/the RESTful API and for some reason i keep getting this error
Session key invalid or no longer valid As far as i can tell im authenticating correctly. Getting the session key from the cookie after the facebook connect dialog pops up and the user logs in. Then i open up the extended permissions dialog to allow posting events and offline access. But then if the user was to logout of facebook the session key becomes unusable. What am i doing wrong here? Is there any good examples of doing this with ASP.NET/C#?
I cache information about the currently logged in user in the session. This info lazy loads whenever a CurrentUser property on my global application class is used. It does this by calling GetUser() on my custom implementation of MembershipProvider, which either loads the user up from the session, or loads the user from the DB and throws the user object in the session.
How should I handle this scenario?
User logs in. Administrator deletes user (or deactivates...the point is they can't log in any more). User's session expires. User navigates to a page or makes a request, or whatever.
Currently if this scenario occurs, NullReferenceExceptions are thrown all over the place, because the ASP .NET framework calls GetUser() which returns nothing because it can't find the user in the database (and there's nothing in the session because it expired).
I created a user control for my web application that checks for Session Timeout. If the criteria are met for Timeout, I use Response.Redirect to send the user back to the login page. I include this user control in my Master page, and run the SessionTimeoutcode in the user control's Page_Init event. That all works great. However, once the user logs in again after time-out (and I have verified that the OnLoggedIn event does fire) the user is redirected to the DestinationPageUrl. That page runs the Session Timeout check when it loads (as it should) and the Session Timeout code "says" that the session is still timed-out.
When user log's in with it's emaild and password, I have stored it's email id in session variable as: Session("user"). After logged in, If i leave the page kept opened OR ideal for sometime and after thatt if I select any option from user profile, the session variable get expired and send's me back to login page. I want that if I would create 2 to 3 session variable's it should remain activated for longer period. So that even if page kept ideal for longer period and then if selects any option, the session variable's should not be expired soon.
We currently have a public-facing .Net 4 application running with the default session timeout value of 20 mins. Are there any significant security risks with lengthening that to 60 mins or longer?
I'm working on an ASP.NET project for the first time in about three years; in the meantime I've been working with Python/Django, PHP and Obj-C. Anyways, picked it right back up... except something that is totally killing me right now, and I have a feeling it must be staring me in the face:
I'm trying to bind to an LDAP server, for the purpose of authenticating users. The way it works here is, you bind on your own credentials, use that to find the Distinguished Name of the user you're authenticating, then you bind again on their DN and their password. If the bind is successful, the password was correct and the user can be authenticated.
Here's the problem - the first bind (on the fixed credentials, the ones with the ability to search for users and their subtrees) works fine. The search works fine. The second bind fails, no matter what, with the LDAP error INVALID_CREDENTIALS. This happens even when completely valid credentials are supplied.
Here's the code, with the usernames and passwords redacted, of course...
strange error message in IIS after updating Windows 7 (x64) with SP1. Open the IIS Manager Browse to an exisiting Virtual Application (or create a new one) Open its Basic Settings dialog Click Test Settings The error message comes up. It's happening with new Applications and also with ones that were already there (and without that problem) before. The applications themselves continue to work.
We have been receiving reports of the following server error periodically from users. [OutOfMemoryException: Exception of type System.OutOfMemoryException was thrown.] [HttpException (0x80004005): Unable to serialize the session state.] Please note that non-serializable objects or MarshalByRef objects are not permitted when session state mode is "StateServer" or "SQLServer".
Once in a state where this error appears, it appears to be hit or miss whether the errors are reproducible locally. If they are, then we can usually reproduce them for a couple minutes, but not on every page hit. This usually tapers off on its own and usually has resolved itself by the time we get back in contact with the users. The Web Service has around 90-100 active connections during business hours. The only other site on this server is the staging version of this site, which gets hit very infrequently. The Session State is stored on the same SQLServer instance as the application database which is housed on a fairly large cluster of virtual machines.
Neither the Web Server or the SQLServer seemed to be taxed (either processor or memory-wise) while this is going on. The distribution of which pages are erroring seems to be comparable to the normal distribution for each page. There doesn't appear to be any pattern in terms of times of occurrence. We do have less errors on average on weekends (which correlates to normal site load), but even this appears to not be consistent. There also doesn't appear to be a correlation between the errors logged and any kind of logged performance monitor events. This includes an array of perfmon counters including:
.NET CLR Jit(w3wp) otal # of IL Bytes Jitted .NET CLR Jit(w3wp)IL Bytes Jitted / sec .NET CLR Jit(w3wp)\% Time in Jit .NET CLR Jit(w3wp)# of Methods Jitted .NET CLR Jit(w3wp)# of IL Bytes Jitted ASP.NET Apps v1.1.4322(__Total__)Requests Failed ASP.NET Apps v1.1.4322(__Total__)Errors Unhandled During Execution/Sec ASP.NET Apps v1.1.4322(__Total__)Errors Unhandled During Execution ASP.NET Apps v1.1.4322(__Total__)Cache Total Turnover Rate ASP.NET Apps v1.1.4322(__Total__)Errors During Preprocessing ASP.NET Apps v1.1.4322(__Total__)Errors During Execution ASP.NET Apps v1.1.4322(__Total__)Requests Executing ASP.NET Apps v1.1.4322(__Total__)Requests Total ASP.NET Apps v1.1.4322(__Total__)Errors Total ASP.NET Apps v1.1.4322(__Total__)Sessions Abandoned ASP.NET Apps v1.1.4322(__Total__)Errors Total/Sec ASP.NET Apps v1.1.4322(__Total__)Anonymous Requests/Sec ASP.NET Apps v1.1.4322(__Total__)Requests/Sec ASP.NET Apps v1.1.4322(__Total__)Session SQL Server connections total ASP.NET Apps v1.1.4322(__Total__)Cache Total Hit Ratio ASP.NET v1.1.4322Requests Current ASP.NET v1.1.4322Request Execution Time MemoryPages/sec Bytes Total/sec PhysicalDisk(_Total)Avg. Disk Queue Length Processor(_Total)\% Processor Time Web Service CacheFile Cache Hits % Web Service CacheFile Cache Misses Web Service CacheFile Cache Hits Web Service(_Total)Current Connections Web Service(_Total)Post Requests/sec)
The only pattern I can see in the logs doesn't correlate to the occurrence of these errors, but is the only pattern I can see. Looking at the perfmon logs we are seeing a pattern where the "Total # of IL Bytes Jitted", "IL Bytes Jitted / sec", "% Time in Jit", "# of Methods Jitted", and "# of IL Bytes Jitted" counters for the staging site (which shouldn't be getting any traffic) doesn't pull data for a 20-50 minute period after which there is an immediate spike in "IL Bytes Jitted / sec" and a jump in "% Time in Jit" for 2-20 minute of up to 99% for the main site.
I'm creating an HttpCookie, setting only the name and value and not the expires property, then adding it to the response. Simple enough. The cookie is created (but not persisted) as expected. The problem is when the session changes for some reason (like the website was rebuilt, or I rebuilt my app when debugging) then the cookie stays around. I want the cookie to be valid for only the original session it was created on.
According to MSDN it says: "If you do not specify an expiration limit for the cookie, the cookie is not persisted to the client computer and it expires when the user session expires." I guess I don't know exactly what "session expires" encompasses. I figure the cookie gets deleted after 20 min when the session expires. But should the cookie get deleted if the session it was created on doesn't exist anymore for any number of reasons? The only time I've seen the cookie get deleted is when the user closes all browser windows and opens a new one.
If this is all true, I may have to store the original session id ("ASP.NET_SessionId") in the cookie, then check it against the current session id, if they're different, then delete the cookie or create a new one.
Here's the code (the only difference between my cookie and the one in the MSDN examples is I'm storing multiple values in the cookie):
private void SaveValuesToCookie(string[] names, string[] values) { HttpCookie cookie = new HttpCookie("MyCookie"); for (int i = 0; i < names.Length; i++) { string name = names[i]; cookie.Values[name] = values[i]; } Response.Cookies.Add(cookie); } private string GetValueFromCookie(string name) { HttpCookie cookie = Request.Cookies["MyCookie"]; if (cookie == null) return null; return cookie.Values[name]; }
I'm getting a very peculiar problem with my asp.net application, it took me an age to track down but I still don't know what is causing this behaviour.
If I set a session variable in the Application_PreRequestHandlerExecute event, then my external JavaScript files are ignored, and therfore causing a raft of errors. I have simplified the problem below.
E.g.
I have file called JScript.js containing the code:
function myAlert() { alert("Hi World"); }
And in my Default.aspx file I reference the js with the code:
And in the body onload event I call the myAlert() function:
<body onload="myAlert()">
And finally in the Global.asax file:
Private Sub Application_PreRequestHandlerExecute(ByVal sender As Object, ByVal e As EventArgs) HttpContext.Current.Session("myVar") = "MyValue" End Sub
If you run the Default.aspx file you will see the js function isnt called, however, if you comment out the line of code Global.asax then the external js is called and the function executed when the page loads.
am a ASP.NET developer using Facebook Developer Toolkit to develop a facebook flash application with flash developer.When the user plays the game for a certain period of time, there are chances that the facebook session expires and I can't call any Facebook API for processing as a result.
Code: Protected Sub Page_Load(sender As Object, e As System.EventArgs) Handles Me.Load Try Response.Write(Session("ValidUser").ToString & "<br />") Catch ex As System.Exception Response.Write("Valid User Session Variable Not Found: " & ex.ToString & "<br />") End Try
[Code] .....
This the page that users are redirected to after logging on and, after verifying their credentials at the log-on stage, should show 'Hello DonaldDuck@Disney.com, Welcome to my website'.
Do these errors mean that the user cannot be validated in the database?
System.InvalidCastException was unhandled by user code
Message=Specified cast is not valid.
Source=App_Web_donate.aspx.cdcab7d2.wqdohvu3 StackTrace: at Donate.LoadUserDetails() in C:UsersSimonDesktopLocal SitesCats ProtectionNewDonate.aspx.vb:line 261 at Donate.btnDonate30_Click(Object sender, EventArgs e) in C:UsersSimonDesktopLocal SitesCats ProtectionNewDonate.aspx.vb:line 205 at System.Web.UI.WebControls.LinkButton.OnClick(EventArgs e) at System.Web.UI.WebControls.LinkButton.RaisePostBackEvent(String eventArgument) at System.Web.UI.WebControls.LinkButton.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) at System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
InnerException: I have made the important bits Bold I have the following code which is generating this error:
[Code]....
I am not entirely sure what is causing it. Its completley intermitent. I am storing all the details of a user filling in a form in a structure, and then assigning that structure to a session variable. This means if they page back, and then page forward again, I can pre-populate the form with the details they have already filled in for their conveinience by using the above code snippet. It appears that it works for a good minute, but if I leave the browser alone any longer than roughly 60 seconds, and then try and page forward to the form again, the exception will fire. While writing this post, the exception has occured in again in firefox, but interestingly, Google Chrome doesn't seem to have this problem. It looks like I can leave chrome alone for as long as I want and it will still work.
I made really basic facebook application, which collect permission from user to post data. Some time ago (around New year) it worked fine.I am using http://facebooktoolkit.codeplex.com, and my code looks like this:
public partial class Facebook : CanvasFBMLBasePage { protected void Page_Load(object sender, EventArgs e)
I have a C# web forms ASP.NET 4.0 web application that uses Routing for URLs for some reason custom errors defined in the system.web section of my web.config is entirely ignored and it will fall back the IIS errors.
This gets entirely ignored
[code]....
This would be a minor inconvenience except that by the fact it falls back to IIS native instead of my application it completely circumvents Elmah logging my 404 exceptions correctly.
Having a very strange problem and just wondered if anyone could shed some light on it. I have a page that takes a file and posts it (using a flash control) to another page on the same site. Now this other paged is used simply to take the file from the request and save it to disk. However when i try and set a session value there the calling page can not access this session variable (no matter how long i do a thread.sleep. It is simply nit finding the variable.
When i looked deeper into this I ran trace.axd and much to my surprise the page that is called does not show up in the list. But it is defnitely being called as the file that the original page sent has been saved to disk.
im trying to set some session state variables but im getting back the error:Error 3 The name 'txtFirstName' does not exist in the current contextHere is what I added into the event handler of a submit button
while i was typing this code, the text field names such as txtLastName were popping up in intellisense, so that would lead me to believe that they ARE in context, but im still getting this error. I've also tried:
I am getting this error "The session state information is invalid and might be corrupted " as i hve checked all my session variable initialized with some default value and the existing code works fine in version 1.1 but on conversion it is giving specified error. The error comes when i simply click on a link to redirect to some other page.
I see that only name,group,email address we can access at facebook send button. How can i send to my facebook page wall (where i am admin) by clicking facebook send button. It's by default don't show it.
I need to develop a login where user can login from his facebook account. When user login first time, an auth dialog should open from facebook asking to user for access permission and than it should move to one of my page where I can retrieve user email address and first name & last name through his facebook access token. How to achieve this?
