I have a mobile application that I’m using with Facebook connect. I’m having trouble getting an offline_access session key after a user has granted extended permissions.

Here’s the user flow:

1. User goes to my site for the first time
2. I send them to m.facebook.com/tos.php? and pass my api key and secret
3. The user logs in using Facebook connect
4. Facebook returns them to a page in my site, mysite/login-success.php with an auth_token in the query string
5. On mysite/login-success.php I instantiate the FB api client and check to see if I already have an offline_access session key for them:
   $facebook = new Facebook($appapikey, $appsecret);
6. If they haven’t already provided offline_access FB gives me a temporary session key I need to get offline_access permission from the user so I forward them on to http://www.facebook.com/connect/prompt_permissions.php? and pass offline_access in the querystring.
7. The user authorizes offline_access and get forwarded to mysite/permissions-success.php

The problem I’m having is that after instantiating the API client on permissions-success.php the session key I have is still the temporary session key, not a new offline_access session key.

The only way I’ve found to get the offline_access key is to delete all cookies for the user and then have them login again using Facebook connect. A fairly poor user experience.

Can anyone shed some light on how to use the Facebook api to generate a new session key even if one already exists (in my case a temporary session key)?