Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Browse files

auto refresh session every 20 minutes

adds logic to setup a timer to ping login_status every 20 minutes. we
only do this if getLoginStatus() was invoked at least once. this ensures
that applications that do not want to fetch sessions in JS will not
get this timer. if the session will not expire, we do not setup a timer

Test Plan:
For testing, I reduced the timeout from 20 minutes to 30 seconds. Then
tested that the timer is setup on page load, if a session is found, and
on login, if a session is returned.

DiffCamp Revision: 120550
Reviewed By: wzhu
CC: platform-diffs@lists, lshepard, brent, mattwkelly, wzhu, selekman
Revert Plan:
  • Loading branch information...
1 parent 1800a4c commit 5b15174c7c9b9ea669499804d4a4c7d80771b036 @daaku daaku committed
Showing with 16 additions and 0 deletions.
  1. +16 −0 src/core/auth.js
16 src/core/auth.js
@@ -333,6 +333,22 @@ FB.provide('Auth', {'auth.sessionChange', response);
+ // re-setup a timer to refresh the session if needed. we only do this if
+ // FB.Auth._loadState exists, indicating that the application relies on the
+ // JS to get and refresh session information (vs managing it themselves).
+ if (FB.Auth._refreshTimer) {
+ window.clearTimeout(FB.Auth._refreshTimer);
+ delete FB.Auth._refreshTimer;
+ }
+ if (FB.Auth._loadState && session && session.expires) {
+ // refresh every 20 minutes. we don't rely on the expires time because
+ // then we would also need to rely on the local time available in JS
+ // which is often incorrect.
+ FB.Auth._refreshTimer = window.setTimeout(function() {
+ FB.getLoginStatus(null, true); // force refresh
+ }, 1200000); // 20 minutes
+ }
return response;

0 comments on commit 5b15174

Please sign in to comment.
Something went wrong with that request. Please try again.