This project is read-only.

FB User log out and revisit page, API throws exception

Jun 16, 2011 at 4:08 AM
Edited Jun 16, 2011 at 4:30 AM

Hi guys,

I have a situation here and I'm still cracking my head on how to solve it.

Here's the scenario:

1. User visits my website (using IE 8 browser).

2. User clicks on Login to FB (in order for my App to retrieve his FB info via the Api graph).

3. User logins with his FB credential and Approve the App.

4. User is redirected back to the same page that he clicks on the Login to FB button (in step 2, because the button, will invoke the method RedirectToFacebookAuthorization() ).

5. User then logs out from (my website hasn't implement any log out button for this scenario).

6. User has successfully logged out from his FB account, he revisit my website.

7. My website throws out an exception message as below:

              OAuthException : Error validating access token: The session is invalid because the user logged out

8. The user clicks on Login to FB button on my website but no response. Even if he opens another IE browser window and click on the button, no response too.

Due to the scenario above and the incident in step no.8, the only way that I found out to solve it is that the user needs to clear all the cache and cookies from the browser, close the browser window, and then open up the IE browser window, in order to click on the Login to FB button.


What I discovered was that the SocialPage.Api  (the Api in the code behind) is not null despite the user has log out from FB, just the access token is already invalid.

Is there a way to clear up the Api object content like making the Api.AccessToken to be blank (but I do know that Api.AccessToken is read-only when I checked it out in the VS IDE)?

Please share with me on how to solve/rectify the above. Or is there an alternative to do this better?

Jun 16, 2011 at 5:50 PM

Unfornately, Facebook does not provide a way to validate access tokens. They suggest developers to do a try catch statement to determine whether the access token is valid. Future releases of the Graph Toolkit may provide a better exception control by distinguishing access token errors from other errors.

Jun 17, 2011 at 2:30 AM

Ok, I did the try catch and caught the exception (the one that I listed out) and I inform the user that you are log out of Facebook. But, the Api object still holds the invalid (outdated) Api.AccessToken as the user has log out from Facebook. 

Is there a way to allow the user to click on the Login to FB button again to obtain a new access token (from FB) in order to proceed further to my website?

It's not just IE, Firefox, Chrome, Opera and Safari face the same problem too. :(

Jun 17, 2011 at 3:23 PM

Call the RedirectToFacebookAuthorization method again.

Jun 20, 2011 at 3:17 AM

I've tried by putting  RedirectToFacebookAuthorization();  on the FB Button Login but it still gives me the error saying 

   OAuthException : Error validating access token: The session is invalid because the user logged out

Can you help to explain what's the below method do ? 


Can it be used to clear the the Api object like Api.AccessToken and Api.UserID ??

Jul 5, 2011 at 1:47 AM
Edited Jul 7, 2011 at 12:27 AM

I created a page logout.aspx and wrote the following code

public partial class Logout : Page
    protected override void OnInit(EventArgs e)
        Session["GraphApi"] = null;


then in the try catch statement I wrote

 catch (Facebook_Graph_Toolkit.FacebookException ex)

I use the logout.aspx to logout such as

    <script type="text/javascript">

        function FBlogout()

                }, 'logout.aspx');

            } catch (e)