Search Results

Search found 33454 results on 1339 pages for 'access token'.

Page 308/1339 | < Previous Page | 304 305 306 307 308 309 310 311 312 313 314 315 | Next Page >

Isolated storage misunderstand

- by Costa

Hi this is a discussion between me and me to understand isolated storage issue. can you help me to convince me about isolated storage!! This is a code written in windows form app (reader) that read the isolated storage of another win form app (writer) which is signed. where is the security if the reader can read the writer's file, I thought only signed code can access the file! If all .Net applications born equal and have all permissions to access Isolated storage, where is the security then? If I can install and run Exe from isolated storage, why I don't install a virus and run it, I am trusted to access this area. but the virus or what ever will not be trusted to access the rest of file system, it only can access the memory, and this is dangerous enough. I cannot see any difference between using app data folder to save the state and using isolated storage except a long nasty path!! I want to try give low trust to Reader code and retest, but they said "Isolated storage is actually created for giving low trusted application the right to save its state". Reader code: private void button1_Click(object sender, EventArgs e) { String path = @"C:\Documents and Settings\All Users\Application Data\IsolatedStorage\efv5cmbz.ewt\2ehuny0c.qvv\StrongName.5v3airc2lkv0onfrhsm2h3uiio35oarw\AssemFiles\toto12\ABC.txt"; StreamReader reader = new StreamReader(path); var test = reader.ReadLine(); reader.Close(); } Writer: private void button1_Click(object sender, EventArgs e) { IsolatedStorageFile isolatedFile = IsolatedStorageFile.GetMachineStoreForAssembly(); isolatedFile.CreateDirectory("toto12"); IsolatedStorageFileStream isolatedStorage = new IsolatedStorageFileStream(@"toto12\ABC.txt", System.IO.FileMode.Create, isolatedFile); StreamWriter writer = new StreamWriter(isolatedStorage); writer.WriteLine("Ana 2akol we ashrab kai a3eesh wa akbora"); writer.Close(); writer.Dispose(); }

Read the article
Custom StyleCop rule not working as expected

- by Jon

I'm trying to write a StyleCop rule that disallows underscores anywhere. There is a rule to say that you cant have public string _myfield but I don't want underscores anywhere ie/method names, property names, method parameters. Below is my code but its not working properly. Can anyone suggest why? using Microsoft.StyleCop; using Microsoft.StyleCop.CSharp; namespace DotNetExtensions.StyleCop.Rules { [SourceAnalyzer(typeof(CsParser))] public class NoUnderScores : SourceAnalyzer { public override void AnalyzeDocument(CodeDocument document) { CsDocument csdocument = (CsDocument) document; if (csdocument.RootElement != null && !csdocument.RootElement.Generated) csdocument.WalkDocument(new CodeWalkerElementVisitor<object>(this.VisitElement), null, null); } private bool VisitElement(CsElement element, CsElement parentElement, object context) { if (!element.Generated) { foreach(var token in element.Tokens) { if (token.Text.Contains("_")) AddViolation(element, "NoUnderScores"); } } return true; } } }

Read the article
Error while trying to deploy blackberry application (Linker Error: 'VerifyError')

- by Irwin

Device: Curve 8520 OS: 4.6.1 JDE: 5.0.25 JDK: 1.6 Signed app? Yes. Hello, I'm trying to deploy a blackberry app (called 'ConstituenC') that works fine in the simulator. It uses restricted APIs, so I obtained a key from RIM and applied it via the Java Development Environment. When I attempt to run on my phone (BB Curve, 8520. OS: 4.6.1), it shows an error saying "'ConstituentC' attempts to access a secure API." The following is shown in the BB Event Log: Java Exception: Error starting ConstituentC: Module 'ConstituentC' attempts to access a secure API. Error starting ConstituentC: Module 'ConstituentC' attempts to access a secure API. Linker error: 'VerifyError' for ConstituentC Module 'ConstituentC' attempts to access a secure API module 9621 cannot reference net.rim.blackberry.api.mail.Store CMM: ConstituentC (9621) invalid sig for 0x424252 VM:LINK ConstituentC Any ideas on how this could be resolved?

Read the article
Preventing Doctrine from Dropping / Recreating Database When using build --all

- by Levi Hackwith

The problem: I have a database that's running on a shared server. I do not have permission to drop/ create a database via the command line doctrine SQLSTATE[42000]: Syntax error or access violation: 1044 Access denied for user 'opnsrce'@'173.236.128.0/255.255.128.0' to database 'dev'. Failing Query: "DROP DATABASE dev" doctrine Creating "all" environment "doctrine" database doctrine SQLSTATE[42000]: Syntax error or access violation: 1044 Access denied for user 'opnsrce'@'173.236.128.0/255.255.128.0' to database 'dev'. Failing Query: "CREATE DATABASE dev" This error occurs when I run /dh/cgi-system/php5.cgi symfony doctrine:build --all --no-confirmation The Question: How do I run build-all while simultaneously telling doctrine to not drop / create the database (it already exists)?

Read the article
Using Google AppEngine app as a OAuth provider

- by Alistair

Hi, I'm using the Google AppEngine 1.3.4 SDK which offers to allow your application to act as a OAuth service provider (http://code.google.com/appengine/docs/python/oauth/). Setting up a standard application on my localhost and using the following: Request URL /_ah/OAuthGetRequestToken Authorize URL /_ah/OAuthAuthorizeToken Access Token URL /_ah/OAuthGetAccessToken The client application just gets sent to a page requesting to grant OAuth access even though no user is logged in. Clicking 'Grant access' results in a message saying 'OAuth access granted' with no tokens or anything exchange. Can't see how this could work when it's not even prompting for a login. As this functionality is quite new I can't find much out there. I've created a OAuth provider before in Rails and know that you need a Consumer Key and Secret, something that seems to be lacking in GAE? Any ideas on how to get OAuth working in a sample GAE project are most welcome.

Read the article
Broken pipe error in rails with memcached

- by abronte

I keep running into this error MemCacheError (Broken pipe): Broken pipe on my Rails app and I can't figure out why. When I access memcached via Rails.cache in my controller, the first 1 or 2 read/writes always seems to throw the broken pipe error. But when I access memcached by creating a new object, ActiveSupport::Cache::MemCacheStore.new, I don't seem to get this error. I also access memcached in another ruby process, and the first read always has this error regardless of the way I access memcached. I did implement a work around just by retrying the read but id rather have a better long term solution. Currently the only time I see this problem is after I restart memcached. I'm using Rails 2.3.5 and memcached 1.4.4 (I've also tried this with memcached 1.2.2).

Read the article
oAuth provider with Django-piston

- by Martin Eve

Hi, I'm working with django-piston to attempt to create an API that supports oAuth. I started out using the tutorial at: http://blog.carduner.net/2010/01/26/django-piston-and-oauth/ I added a consumer to piston's admin interface with key and secret both set to "abcd" for test purposes. The urls are successfully wired-up and the oAuth provider is called. However, running my get request token tests with tripit (python get_request_token.py "http://127.0.0.1:8000/api" abcd abcd), I receive the following error: Invalid signature. Expected signature base string: GET&http%3A%2F%2F127.0.0.1%3A8000%2Fapi%2Foauth%2Frequest_token%2F&oauth_consumer_key%3Dabcd%26oauth_nonce%3D0c0bdded5b1afb8eddf94f7ccc672658%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1275135410%26oauth_version%3D1.0 The problem seems to lie inside the _check_signature method of Piston's oauth.py, where valid_sig = signature_method.check_signature(oauth_request, consumer, token, signature) is returning false. I can't, however, work out how to get the signature validated. Any ideas?

Read the article
Accessing SQL Server using an IP Address and Port Number ... Help!

- by Mike

I need to access an SQL Server that is on a machine behind a firewall and you access this machine using an ip address like 95.95.95.33:6930 (not the real ip address) ... But, you get my point that by accessing 95.95.95.33 on port 6930, the firewall routes the requests to that particular machine ... My question is ... How do you construct a connection string to access the machine at address 95.95.95.33:6930 and then further access the SQL Server on port 1433 or maybe a different port like 8484 ??? Thanks Mike

Read the article
Is Rails default CSRF protection insecure

- by schickb

By default the form post CSRF protection in Rails creates an authenticity token for a user that only changes when the user's session changes. One of our customers did a security audit of our site and flagged that as an issue. The auditor's statement was that if we also had a XSS vulnerability that an attacker could grab another user's authenticity token and make use of it for CSRF attacks until the user's session expired. But is seems to me that if we had an XSS vulnerability like that an attacker could just as easily grab another user's session cookie and login as that user directly. Or even just make call to our REST Api as the user being attacked. No secondary CSRF attack needed. Have I missed something? Is there a real problem with the default CSRF protection in Rails?

Read the article
oauth process for twitter. the difference between client and web application

- by Radek

I managed to make the oauth process work for PIN kind of verification. My twitter application is client type. When enter authorize url into web browser and grant the application access then I have to enter pin in my ruby application. Can I finish the process of getting access token without the pin thing? My current code is like. What changes do I need to do to make it work without pin? gem 'oauth' require 'oauth/consumer' consumer_key = 'w855B2MEJWQr0SoNDrnBKA' consumer_secret ='yLK3Nk1xCWX30p07Id1ahxlXULOkucq5Rve28pNVwE' consumer=OAuth::Consumer.new consumer_key, consumer_secret, {:site=>"http://twitter.com"} request_token = consumer.get_request_token puts request_token.authorize_url puts "Hit enter when you have completed authorization." pin = STDIN.readline.chomp access_token = request_token.get_access_token(:oauth_verifier => pin) puts puts access_token.token puts access_token.secret

Read the article
How to control respond_to based on variable in Rails controller?

- by smotchkkiss

The dilemma I'm using a before_filter in my controller that restricts access to admins. However, I want to allow access public access to some methods based on request format. See the index method to understand what I'm talking about. items_controller.rb class ItemsController < ApplicationController before_filter :superuser_required layout 'superuser' def index @items = Item.all respond_to do |format| format.html format.js # I want public to have access to this end end def show @item = Item.find(params[:id]) respond_to do |format| format.html end end def new @item = Item.new respond_to do |format| format.html end end # remaining controller methods # ... def superuser_required redirect_to login_path unless current_user.superuser? end end

Read the article
acessing network shared folder with a username and password string in vb.net

- by Irene

i am using the following code to read the details from a network folder which is restricted for only one user shell("net use q: \\serveryname\foldername /user:admin pwrd", AppWinStyle.Hide, True, 10000) Process.Start(path) shell("net use q: /delete") when i run this to open any pdf or jpg or any other files except word/excel/powerpoint, everything is working fine. but the problem comes only when i access a word file. in the step one, i am giving permission to access the word file. in the step two, word file is open. in the third, i am deleting the q drive. the problem is the word file is still open. so i am getting a dos window, saying that "some connections of still connected or searching some folders, do you want to force disconnect" please help.... how to access a word file (editable files) providing user name and password from the code and at the same time he shoud not have access to any other folders directly.

Read the article
Displaying map stl

- by BSchlinker

Declared a map early on: map<char*,char*> rtable; // used to store routing information Now I'm attempting to display the contents of the map: void Routes::viewroutes(){ typedef map<char*, char*>::const_iterator iter; for (iter=rtable.begin(); iter != rtable.end(); ++iter) { cout << iter->second << " " << iter->first << endl; } } Receiving the error "expected primary-expression before '!=' token and for '-' token. Can't seem to understand the error I'm making here. Any ideas?

Read the article
Cookie won't unset

- by Jordan Satok

OK, I'm stumped, and have been staring at this for hours. I'm setting a cookie at /access/login.php with the following code: setcookie('username', $username, time() + 604800, '/'); When I try to logout, which is located at /access/logout.php (and rewritten to /access/logout), the cookie won't seem to unset. I've tried the following: setcookie('username', false, time()-3600, '/'); setcookie('username', '', time()-3600, '/'); setcookie('username', '', 1, '/'); I've also tried to directly hit /access/logout.php, but it's not working. Nothing shows up in the php logs. Any suggestions? I'm not sure if I'm missing something, or what's going on, but it's been hours of staring at this code and trying to debug.

Read the article
Python.expat can't parse XML file with bad symbols. How to go around?

- by culebrón

I'm trying to parse an XML file with expat, and here's the line where I get bad token exception: <tag k="name" v="???????????????????????????????????????????????????????????????????" /> xml.parsers.expat.ExpatError: not well-formed (invalid token): line 610127, column 37 The symbols in hex look like: \xd1? Seems like someone wrote this string (Russian alfabet) hitting backspace a few times. I set parser.returns_unicode = True, but this didn't help. The 1st line is <?xml version="1.0" encoding="UTF-8"?>. I work with a bz2 file. (bz2.BZ2File) How can I parse the file?

Read the article
Spring Security 3.0 - Intercept-URL - All pages require authentication but one

- by gav

Hi All, I want any user to be able to submit their name to a volunteer form but only administrators to be able to view any other URL. Unfortunately I don't seem to be able to get this correct. My resources.xml are as follows; <?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd"> <http realm = "BumBumTrain Personnel list requires you to login" auto-config="true" use-expressions="true"> <http-basic/> <intercept-url pattern="/person/volunteer*" access=""/> <intercept-url pattern="/**" access="isAuthenticated()" /> </http> <authentication-manager alias="authenticationManager"> <authentication-provider> <user-service> <user name="admin" password="admin" authorities="ROLE_ADMIN"/> </user-service> </authentication-provider> </authentication-manager> </beans:beans> Specifically I am trying to achieve the access settings I described via; <intercept-url pattern="/person/volunteer*" access=""/> <intercept-url pattern="/**" access="isAuthenticated()" /> Could someone please describe how to use intercept-url to achieve the outcome I've described? Thanks Gav

Read the article
Starting a VC++ .exe from MSAccess

- by Pieter_Jack

For a complex calculating problem we use an VC++ module (.exe). For the users we have build an ms Access application as userinterface. After input dthe calculating module should start and do its job. The result is again imported in Ms Access. However we work wit dBase files (.dbf) as datafiles. The calculating unit works fine by its own, but when access is running it wo'nt do its job. It will start-up when called from the Access module, but then generates errors or at least does not write correct results to a datatable. We cannot find the reason for this beheavior. Can anyone give us a tip?

Read the article
Using MySQL in Pydev Eclipse

- by Hossein

Hi, I am trying to access a MySQL database with python through Pydev Eclipse. I have installed the necessary files to access MysQL from python and I can access the database only when I write code in Python IDLE environment and run it from command prompt. However I am not able to run my applications from Pydev. when I use this "import MysqlDB" i get an error, but in IDLE no errors and my code runs very smoothly. Does anyone know were the problem is? Thanks

Read the article
Updated MVC 4 to 5.2.0 via Nuget Site compiles but wont run

- by hjavaher

I had the bright idea of updating my perfectly working ASP.Net MVC 4 application to the MVC 5 via nuget, Everything compiles just fine but when I try to run the application I get the following yellow screen of death. Has anyone gotten this or know how to solve it? I've searched for it and couldn't find any solutions. Please let me know if there is any farther information that would help you that I can give you. Attempt by security transparent method 'WebMatrix.WebData.PreApplicationStartCode.Start()' to access security critical method 'System.Web.WebPages.Razor.WebPageRazorHost.AddGlobalImport(System.String)' failed. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details: System.MethodAccessException: Attempt by security transparent method 'WebMatrix.WebData.PreApplicationStartCode.Start()' to access security critical method 'System.Web.WebPages.Razor.WebPageRazorHost.AddGlobalImport(System.String)' failed. Source Error: An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below. Stack Trace: [MethodAccessException: Attempt by security transparent method 'WebMatrix.WebData.PreApplicationStartCode.Start()' to access security critical method 'System.Web.WebPages.Razor.WebPageRazorHost.AddGlobalImport(System.String)' failed.] WebMatrix.WebData.PreApplicationStartCode.Start() +112 [InvalidOperationException: The pre-application start initialization method Start on type WebMatrix.WebData.PreApplicationStartCode threw an exception with the following error message: Attempt by security transparent method 'WebMatrix.WebData.PreApplicationStartCode.Start()' to access security critical method 'System.Web.WebPages.Razor.WebPageRazorHost.AddGlobalImport(System.String)' failed..] System.Web.Compilation.BuildManager.InvokePreStartInitMethodsCore(ICollection`1 methods, Func`1 setHostingEnvironmentCultures) +556 System.Web.Compilation.BuildManager.InvokePreStartInitMethods(ICollection`1 methods) +132 System.Web.Compilation.BuildManager.CallPreStartInitMethods(String preStartInitListPath, Boolean& isRefAssemblyLoaded) +102 System.Web.Compilation.BuildManager.ExecutePreAppStart() +153 System.Web.Hosting.HostingEnvironment.Initialize(ApplicationManager appManager, IApplicationHost appHost, IConfigMapPathFactory configMapPathFactory, HostingEnvironmentParameters hostingParameters, PolicyLevel policyLevel, Exception appDomainCreationException) +516 [HttpException (0x80004005): The pre-application start initialization method Start on type WebMatrix.WebData.PreApplicationStartCode threw an exception with the following error message: Attempt by security transparent method 'WebMatrix.WebData.PreApplicationStartCode.Start()' to access security critical method 'System.Web.WebPages.Razor.WebPageRazorHost.AddGlobalImport(System.String)' failed..] System.Web.HttpRuntime.FirstRequestInit(HttpContext context) +9885060 System.Web.HttpRuntime.EnsureFirstRequestInit(HttpContext context) +101 System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context) +254

Read the article
Making GWT application crawlable by a search engine.

- by Philippe Beaudoin

I want to use the #! token to make my GWT application crawlable, as described here: http://code.google.com/web/ajaxcrawling/ There is a GWT sample app available online that uses this, for example: http://gwt.google.com/samples/Showcase/Showcase.html#!CwRadioButton Will serve the following static webpage to the googlebot: http://gwt.google.com/samples/Showcase/Showcase.html?_escaped_fragment_=CwRadioButton I want my GWT app to do something similar. In short, I'd like to serve a different flavor of the page whenever the _escaped_fragment_ parameter is found in the URL. What should I modify in order for the server to serve something else (a static page, or a page dynamically generated through a headless browser like HTML Unit)? I'm guessing it could be the web.xml file, but I'm not sure. (Note: I thought of checking the Showcase app provided with the GWT SDK, but unfortunately it doesn't seem to support serving static files on _escaped_fragment_ and it doesn't use the #! token..)

Read the article
Connection string in app.config in a class library

- by Copeleto

I am creating solution and inside I have three projects: A WCF Service Library Project A DataAccess Project (Class Library) A Web site for hosting WCF service The implementation of the service is on the project # 1, but in order to access the DataBase I use a second project that implements the data access using a class library project. That problem is in order to get data access I need to configure a connection string, but that connection string must be configurable in a production environment, I meant in production I am going to deploy the site, which is a very simple project that contains only a reference WCF Service Library Project then a guy from database department will configure the connection string. In development I have an app.config on the data access project but when I do the release that app.config is embedded on the dll. Any ideas how can we achieve our purpose

Read the article
Design suggestion for expression tree evaluation with time-series data

- by Lirik

I have a (C#) genetic program that uses financial time-series data and it's currently working but I want to re-design the architecture to be more robust. My main goals are: sequentially present the time-series data to the expression trees. allow expression trees to access previous data rows when needed. to optimize performance of the data access while evaluating the expression trees. keep a common interface so various types of data can be used. Here are the possible approaches I've thought about: I can evaluate the expression tree by passing in a data row into the root node and let each child node use the same data row. I can evaluate the expression tree by passing in the data row index and letting each node get the data row from a shared DataSet (currently I'm passing the row index and going to multiple synchronized arrays to get the data). Hybrid: an immutable data set is accessible by all of the expression trees and each expression tree is evaluated by passing in a data row. The benefit of the first approach is that the data row is being passed into the expression tree and there is no further query done on the data set (which should increase performance in a multithreaded environment). The drawback is that the expression tree does not have access to the rest of the data (in case some of the functions need to do calculations using previous data rows). The benefit of the second approach is that the expression trees can access any data up to the latest data row, but unless I specify what that row is, I'll have to iterate through the rows and figure out which one is the last one. The benefit of the hybrid is that it should generally perform better and still provide access to the earlier data. It supports two basic "views" of data: the latest row and the previous rows. Do you guys know of any design patterns or do you have any tips that can help me build this type of system? Should I use a DataSet to hold and present the data, or are there more efficient ways to present rows of data while maintaining a simple interface? FYI: All of my code is written in C#.

Read the article
Temporarily impersonate and enable privileges?

- by Luke

We maintain a DLL that does a lot of system-related things; traversing the file system, registry, etc. The callers of this DLL may or may not be using impersonation. In order to better support all possible scenarios I'm trying to modify it to be smarter. I'll use the example of deleting a file. Currently we just call DeleteFile(), and if that fails that's the end of that. I've come up with the following: BOOL TryReallyHardToDeleteFile(LPCTSTR lpFileName) { // 1. caller without privilege BOOL bSuccess = DeleteFile(lpFileName); DWORD dwError = GetLastError(); if(!bSuccess && dwError == ERROR_ACCESS_DENIED) { // failed with access denied; try with privilege DWORD dwOldRestorePrivilege = 0; BOOL bHasRestorePrivilege = SetPrivilege(SE_RESTORE_NAME, SE_PRIVILEGE_ENABLED, &dwOldRestorePrivilege); if(bHasRestorePrivilege) { // 2. caller with privilege bSuccess = DeleteFile(lpFileName); dwError = GetLastError(); SetPrivilege(SE_RESTORE_NAME, dwOldRestorePrivilege, NULL); } if(!bSuccess && dwError == ERROR_ACCESS_DENIED) { // failed with access denied; if caller is impersonating then try as process HANDLE hToken = NULL; if(OpenThreadToken(GetCurrentThread(), TOKEN_QUERY | TOKEN_IMPERSONATE, TRUE, &hToken)) { if(RevertToSelf()) { // 3. process without privilege bSuccess = DeleteFile(lpFileName); dwError = GetLastError(); if(!bSuccess && dwError == ERROR_ACCESS_DENIED) { // failed with access denied; try with privilege bHasRestorePrivilege = SetPrivilege(SE_RESTORE_NAME, SE_PRIVILEGE_ENABLED, &dwOldRestorePrivilege); if(bHasRestorePrivilege) { // 4. process with privilege bSuccess = DeleteFile(lpFileName); dwError = GetLastError(); SetPrivilege(SE_RESTORE_NAME, dwOldRestorePrivilege, NULL); } } SetThreadToken(NULL, hToken); } CloseHandle(hToken); hToken = NULL; } } } if(!bSuccess) { SetLastError(dwError); } return bSuccess; } So first it tries as the caller. If that fails with access denied, it temporarily enables privileges in the caller's token and tries again. If that fails with access denied and the caller is impersonating, it temporarily unimpersonates and tries again. If that fails with access denied, it temporarily enables privileges in the process token and tries again. I think this should handle pretty much any situation, but I was wondering if there was a better way to achieve this? There are a lot of operations that we would potentially want to use this method (i.e. pretty much any operation that accesses securable objects).

Read the article
REST, caching, and authorizing with multiple user roles

- by keithjgrant

We have a system with multiple different levels of access--sometimes even for the same user as they switch between multiple roles. We're beginning a discussion on moving over to a RESTful implementation of things. I'm just starting to get my feet wet with the whole REST thing. So how do I go about limiting access to the correct records when they access a resource, particularly when taking caching into consideration? If user A access example.com/employees they would receive a different response than user B; user A may even receive a different response as he switches to a different role. To help facilitate caching, should the id of the role be somehow incorporated into the uri? Maybe something like example.com/employees/123 (which violates the rules of REST), or as some sort of subordinate resource like example.com/employees/role/123 (which seems silly, since role/### is going to be appended to URIs all over the place). I can help but think I'm missing something here.

Read the article
Creating a Facebook session for getting page info

- by Marty Haught

I am trying to get info on a page that my user is admin for. This user has granted my fb_connect app offline access. I have saved the session_key that allows offline access (it has the user's id in it). I am able to publish to this fan page with this session key. But when I try to access the page's info I get an SessionExpired error. This doesn't make sense. Look at the code and output below: p is is a 'profile' object that holds the three pieces of relevant fb data (user_id, session_key and page id) fb_session = Facebooker::Session.create = # fb_session.secure_with!(p.fb_session_key, p.fb_user_id, 0) = nil fb_session.user.has_permission?("offline_access") = true fb_session.user.has_permission?("publish_stream") = true fb_session.user.has_permission?("read_stream") = true pages = fb_session.fql_query("select fan_count from page where page_id = #{p.fb_page_id}") Facebooker::Session::SessionExpired: Session key invalid or no longer valid ... pages = fb_session.pages(:fields = {:page_ids = p.fb_page_id}) Facebooker::Session::SessionExpired: Session key invalid or no longer valid ... pages = Facebooker::Session.create.fql_query("select fan_count from page where page_id = #{p.fb_page_id}") = [#] Perhaps I'm not creating the session right or maybe offline access doesn't give me access to the user's page even though I have permissions to push to it. As you can see when I just use an anon session I'm able to get the fan count, which I'm guessing is publicly available. Does anyone have an idea on this?

Read the article

< Previous Page | 304 305 306 307 308 309 310 311 312 313 314 315 | Next Page >