What user info to store in database?

Jun 3, 2011 at 3:31 AM
Edited Jun 3, 2011 at 3:35 AM

Hi guys,

I read one of the discussions here and found out that the Access Token changes when the user logs out.

However, I did a test earlier where I used IE to have a user log in, and when the user granted/allowed the app, I got one Access Token. This user didn't sign out from FB in the IE browser.

On another browser, Firefox, the same user logged in to the same app, and when I checked the Access Token, it was still the same.

Then I logged out from IE, reopened another IE browser and logged in, and I could still see that the Access Token was the same!?

But when I try in Opera Browser, the Access Token is different already.

Here's what I want to do: I have a website that has its own login/registration. I want to integrate/include Facebook login on my website. In other words, the user can choose to log in using the username/password of my website OR using his Facebook account (which will use the SocialPage.RedirectToFacebookAuthorization method). If he chooses to use his Facebook account and he is a new user to my website, I have a method to create an account for him with minimal information and then include his valid Facebook credential.

Question here is: what user info to store? Access Token? Or just the FB user ID? Or something else?

If Access Token which is say based on Api.AccessToken from Facebook_Graph_Toolkit.GraphApi.Api SocialPage.Api, doesn't the Access Token change all the time??

Btw, I'm using the Facebook_Graph_Toolkit_3.5dll and JSON_3.5.dll

Please advise.

Coordinator
Jun 7, 2011 at 6:45 AM

You should not store the AccessToken because:

1. AccessToken expires after a few hours (unless you granted offline_access)

2. AccessTokens are automatically invalidated when the user changes the password on Facebook (no matter if you grant offline_access or not)

My advice is to use the UserID as the identifier, and store some info that your site frequently uses, such as user name, sex, etc.
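
The advice above, as an added example that is not part of the original thread and not Facebook Graph Toolkit code: a find-or-create account lookup keyed on the Facebook user ID, with the access token kept only in the server-side session. The table layout, the function names and the `session` dictionary are assumptions made for illustration, and the sketch uses Python with SQLite so it runs on its own.

```python
import sqlite3

# Constructed schema: the account is keyed on the Facebook user ID.
# There is deliberately no column for the access token.
SCHEMA = """
CREATE TABLE IF NOT EXISTS users (
    id         INTEGER PRIMARY KEY,
    username   TEXT UNIQUE,   -- NULL for Facebook-only accounts
    pw_hash    TEXT,          -- NULL for Facebook-only accounts
    fb_user_id TEXT UNIQUE,   -- stable across browsers, logouts and token changes
    name       TEXT,          -- cached profile info the site uses often
    sex        TEXT
);
"""

def open_db(path=":memory:"):
    db = sqlite3.connect(path)
    db.executescript(SCHEMA)
    return db

def login_with_facebook(db, session, fb_user_id, access_token, profile):
    """Find or create the local account for a completed Facebook login.

    Assumption: fb_user_id and profile are what Facebook returned for this
    access_token on the server side, not values posted by the browser.
    """
    row = db.execute(
        "SELECT id FROM users WHERE fb_user_id = ?", (fb_user_id,)
    ).fetchone()
    if row is None:
        # First visit: create a minimal account linked to the Facebook ID.
        cur = db.execute(
            "INSERT INTO users (fb_user_id, name, sex) VALUES (?, ?, ?)",
            (fb_user_id, profile.get("name"), profile.get("sex")),
        )
        user_id = cur.lastrowid
    else:
        # Returning user: same account whatever the token is; refresh the cache.
        user_id = row[0]
        db.execute(
            "UPDATE users SET name = ?, sex = ? WHERE id = ?",
            (profile.get("name"), profile.get("sex"), user_id),
        )
    db.commit()
    # The token is short-lived, so it stays in the server-side session only.
    session["user_id"] = user_id
    session["fb_access_token"] = access_token
    return user_id
```

The `UNIQUE` constraint on `fb_user_id` is what prevents a second account from being created when the same person returns from another browser with a different token.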