We have recently been having problems with Facebook log in. As in every user that logged in would be able to do one graph call to /me and then we got on of two errors:
"message": "Error validating access token: The session has been invalidated because the user has changed the password." "message":"Error validating access token: Session does not match current stored session. This may be because the user changed the password since the time the session was created or Facebook has changed the session for security reasons."
The first one seems to happen to new users on log in, and the second one happens more to people who have already authorized our app. It seems like they are able to get the Username for the first /me graph call, and then the oauth token gets screwed up for a long time (some of them eventually come back for some reason).
I recently found out that our code slams facebook twice for the me/home JSON. When I took this code out I was able to hit the graph API via Rest and it didn't give me the errors.
I've seen various errors mentioning issues with facebook but the problem was supposedly "fixed" and it's very hard to see why slamming facebook twice would kill our auth token - you'd think that we'd get a message about rate limiting.
Does anyone have an explanation for what this is? I still haven't verified that taking the second call out is the fix but so far it looks like it.
