Secure my web service from being called without an active Facebook session

I am working on a Facebook canvas app (it's a flash app), all Facebook calls are done from the client (JS SDK), I have set up a php web service on my server to store and read data from my data base, so basically at the moment I'm not using the Facebook php sdk at all.

What would be the simplest way to secure my web service from being called without an active Facebook session?

UPDATE: Worked it out, Paul's answer is correct, thanks @Paul.

The issue was simple: initializing the JS sdk is done AFTER php session started so further calls to my php files were not recognized as logged in. In order for it to work I initialized the Facebook session in the file that embeds the swf (was Html, now it's php), this means that handling users that did not yet authorized the application is done via php, before the swf is even loaded. Now I can rely on active session and user identification in my web service, coffee tastes much better now.


I don't think there is a really good way to do this without checking that the FB access token is valid.

If I were you, I'd use the SDK to validate the sessions. It's super easy to use just grab it from here and try the following code:

require 'php-sdk/src/facebook.php';

$facebook = new Facebook(array(
  'appId'  => 'YOUR_APP_ID',
  'secret' => 'YOUR_APP_SECRET',

// See if there is a user from a cookie
$user = $facebook->getUser();

if ($user) {
    // you have a secure session

Need Your Help

CSS transitions with calc() do not work in IE10+

css internet-explorer css-transitions

I am animating a container on mouseover from right to the left with CSS transitions. This works fine in all browsers except Internet Explorer. The reason is that I am using (and need to use) calc()...

How to select specific value in foreach smarty?

php arrays foreach smarty

I am trying to get only 3 values from my array in foreach loop.I dont know how to do this.