I have the facebook_sdk that I am using to authenticate Facebook users on my app. Everything is fine, but when the user logs out of Facebook he is logged out there, yet his information is still in my application. So I want to kill the session at the time he logs out. Can you help me with this? I have seen many related posts but didn't find the correct answer for my case.
So I want to kill session by the time he logged out.
Give a redirect_uri parameter when creating your logout URL, and put a script there that calls session_destroy().
The Facebook SDK does not kill the session in my application, so I edited the method getLogoutUrl in base_facebook.php and now it is fine.
public function getLogoutUrl($params=array()) {
    session_destroy();
    return $this->getUrl(
        'www',
        'logout.php',
        array_merge(array(
            'next' => $this->getCurrentUrl(),
            'access_token' => $this->getUserAccessToken(),
        ), $params)
    );
}
I have been using this code for Facebook SDK logout but it's not working. However, I can log in with it successfully. Here is the code.
<?php
if ($user) {
    $logoutUrl = $facebook->getLogoutUrl();
}
else {
    $loginUrl = $facebook->getLoginUrl(array(
        'scope' => 'user_about_me, user_hometown')
    );
}
?>
<?php if ($user){ ?>
Logout Here
<?php }else{ ?>
Login with Facebook
<?php }?>
The default Facebook SDK uses PHP's built-in session implementation to store its data, among these the last logged-in user id.
When your user clicks on the logout link, facebook will log her out, and send her back to your site, however facebook can't delete the values in your site's $_SESSION. Add a next parameter to the $facebook->getLogoutUrl() so facebook will send the user back there, and you can clear the whole session (after all the user has logged out) with session_destroy.
If you don't want to clear the whole session, just the Facebook-specific values, there's a method for that called destroySession on the BaseFacebook class (for some reason not listed in the official SDK docs).
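The flow described in the answers above, written out as an added example (not code from the original posts or from the SDK): the logout link is built with a next parameter pointing at a dedicated script, and that script tears down both the SDK's values and the application's session when the browser returns from Facebook. The include path, the credentials, the example.com URL and the final redirect target are placeholders.

```php
<?php
// logout.php: the page the logout link points back to, for example
//   $facebook->getLogoutUrl(array('next' => 'https://example.com/logout.php'));
// Added example; include path and credentials below are placeholders.
require 'facebook.php';

session_start();

$facebook = new Facebook(array(
    'appId'  => 'YOUR_APP_ID',
    'secret' => 'YOUR_APP_SECRET',
));

// 1. Drop the Facebook-specific values the SDK keeps for this visitor.
$facebook->destroySession();

// 2. Empty the application's own session data for the rest of this request.
//    Assigning an empty array is used instead of unset($_SESSION), which
//    stops PHP from tracking session variables.
$_SESSION = array();

// 3. Expire the session cookie using the same attributes it was set with;
//    a mismatch in path or domain leaves the old cookie in the browser.
if (ini_get('session.use_cookies')) {
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $p['path'], $p['domain'], $p['secure'], $p['httponly']);
}

// 4. Remove the server-side session record.
session_destroy();

// 5. Continue on a page that does not require a login (placeholder target).
header('Location: /');
exit;
```

The teardown runs when the visitor actually arrives from the logout redirect, so rendering a page that merely contains the logout link does not end the session.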
I have a website that is using both the PHP SDK and JS SDK.
After updating to OAuth in both, I've noticed that logging out of JS doesn't actually log the user out of PHP.
It seems like the general solution is to make a call for '/me' and then, if that errors, assume the user has logged out. However, I don't need to call /me on every page render, I just want to know whether the user is signed in without the performance hit of a FB API call on every render.
Is there a way for the PHP SDK to be informed of a logout that happened via the JS SDK?
Some things I've tried:
Comment out the contents of setPersistentData in Facebook.php
Manually delete the fbsr_::appid:: cookie
Thanks!
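// Expire the session cookie and empty the session data.
setcookie(session_name(), '', time()-42000, '/');
$_SESSION = array(); // unset($_SESSION) would stop PHP from registering session variables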
Get the user access token from the Facebook library
$access_token = $this->facebook->getAccessToken();
and then use this code in the logout function
if ($this->facebook_user)
{
    $logoutUrl = $this->facebook->getLogoutUrl()."&access_token=".$access_token;
    redirect($logoutUrl);
}
And make some changes in the Facebook library file.
public function getLogoutUrl($params=array()) {
    return $this->getUrl(
        'www',
        'logout.php',
        array_merge(array(
            'next' => $this->getCurrentUrl(),
        ), $params)
    );
}
I am using a modified version php-sdk version 3.0.0 sample code at github.com/facebook within the CodeIgniter framework as a helper.
My problem is just as the title says: When I click the logout anchor (provided by $Facebook->getLogoutUrl()) I am redirected back to the same page and receive an OAuthException:
Fatal error: Uncaught OAuthException: Error validating access token: The session is invalid because the user logged out. thrown in [...]/base_facebook.php on line 959
When I refresh, it loads the "login" anchor like it normally would. What is happening on that refresh/post-back that isn't happening on that initial redirect?
I realize this is limited information but due to the problem I think it may be a simple fix.
EDIT: This post seems to be relevant: http://forum.developers.facebook.net/viewtopic.php?id=71219
Specifically this line:
setcookie('fbs_'.$facebook->getAppId(), '', time()-100, '/', '.domain.com');
However, I am not sure how to implement this and still use $facebook->getLogoutUrl();.
Thanks in advance and just let me know if more information is necessary.
I was having the same problem and nearly pulling my hair out. However, after some research, it appears the problem is an offending cookie. This line on logout should fix it:
setcookie('fbs_'.$facebook->getAppId(), '', time()-100, '/', '.domain.com');
Ensure to add the '.' before the domain name if subdomains are being used.
I hope this helps!
As suggested, I tried:
setcookie('fbs_'.$facebook->getAppId(), '', time()-100, '/', '.domain.com');
This didn't work. What I did, was to just copy from the fb example code:
// Get User ID
$user = $facebook->getUser();
// We may or may not have this data based on whether the user is logged in.
//
// If we have a $user id here, it means we know the user is logged into
// Facebook, but we don't know if the access token is valid. An access
// token is invalid if the user logged out of Facebook.
if ($user) {
    try {
        // Proceed knowing you have a logged in user who's authenticated.
        $user_profile = $facebook->api('/me');
    } catch (FacebookApiException $e) {
        error_log($e);
        $user = null;
    }
}
// Login or logout url will be needed depending on current user state.
if ($user) {
    $logoutUrl = $facebook->getLogoutUrl();
} else {
    $loginUrl = $facebook->getLoginUrl();
}
The middle part, with if try get user_profile, is a test to get the user profile, and if it fails the userid will be unset. This will make the last part with getLoginUrl() and getLogoutUrl() correct.
I do believe setting the cookie is more correct, than to try a request and see if it fails... but since the setcookie didn't work, I didn't have a choice :(
Stupid facebook that returns a token with this $user = $facebook->getUser();, when the user actually is logged out.
Hope this helps those who are in need.
From the looks of your error it would appear your website is still trying to connect to Facebook using the SDK. When you run the logout function provided by Facebook make sure to clear whatever sessions or storage you have that triggers calls to Facebook.
It's likely that they aren't being cleared before you attempt your Facebook logout, and this is why it still thinks you have a connection but then works fine on refresh.
What I ended up doing was this:
$facebook->getLogoutUrl(array('next' => site_url('logout')));
Then in the 'logout' controller:
$_SESSION = array();
$this->load->view('myoriginalview');
On logout, the facebook logout url's query string redirect_uri value is set to redirect to the 'logout' controller which then clears the session and loads the view on which the logout button existed in the first place. Everything functions fine. Now I just have to figure out how to handle an expired session as opposed to a logged out user -_-
EDIT:
What I've done now is invalidate the cookie in the proper manner as described on the facebook developers forum. I really wish their documentation was better and described this for their PHP SDK.
I am using Facebook php-sdk in my iframe facebook app to get user login status.
Right after I sign out using facebook Account > Log out link, the session is not destroyed yet. I must wait a few minutes before old session expires, then my app will again get the correct login status.
I expect the facebook to kill itself and the session when user signs out. How do I manually kill the session?
Here is my code:
$initParams = array(
    'appId' => $conf['app_id'],
    'secret' => $conf['secret_api_key'],
    'cookie' => TRUE,
);
$fb = new Facebook($initParams);
$fb->getSession(); // will return a session object even though user signed out!
SOLVED:
calling $fb->api('/me') will destroy the session if user has previously logged out.
I've changed my code as following:
if ($session)
{
    try
    {
        $fbuid = $fb->getUser();
        $me = $fb->api('/me');
    }
    catch(FacebookApiException $e){}
}
If the API call is unsuccessful, $session will be set to NULL. Very weird behavior, I don't explain everything that is going on here but it solved my problem of having residual session object not being updated via getSession() method.
I'm using $fb->getUser() and what I did was almost identical with yours.
if ($fb->getUser())
{
    try
    {
        $me = $fb->api('/me');
    }
    catch(FacebookApiException $e){
        $fb->destroySession();
    }
}
I found that using only API to check whether FB is logged out or not sometimes is inconsistent, but with destroySession(), the session will surely be destroyed.
If you are using the JavaScript FB.init calls on the login page, then set status to false from true.
Details about the status attribute:
http://developers.facebook.com/docs/reference/javascript/FB.init/
Try finding the formatData function somewhere at LoginWindow (AS3) and find this line:
vars.redirect_uri = FacebookURLDefaults.LOGIN_SUCCESS_URL
Change the value for http://www.facebook.com/ and logout from that html page when logged in.
This is a temporary solution to logout if you are developer, not the end user.
Facebook should disassociate the session from the account that the session belonged to. You can use Facebook::getUser() to check whether this was done:
if ($fb->getUser() === null) {
    // User logged out
} else {
    // User logged in
}
Try $facebook->setSession(null) or using javascript Logout
Logout does not work any way you do it.
Try posting this link in your browser, after you log in to Facebook.
https://www.facebook.com/logout.php
What happens? It takes you to your Facebook. No logout at all.
Whatever you do, check the function (depends on your API) handleLogout and check the output. In my case, it returns the entire Facebook HTML page.
The only way I've managed to solve this problem was by clearing the session using the signed request to check the user id:
$facebook = Membership::getFacebookApp();
$signed_request = $facebook->getSignedRequest();
if(isset($_SESSION['facebook_id']) && $signed_request['user_id'] != (int)$_SESSION['facebook_id']){
    $_SESSION = array();
}
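A check of this kind needs no Graph API call on each render: the signed request (the value of the fbsr_ cookie mentioned earlier, or what getSignedRequest() hands back) carries a user_id protected by an HMAC-SHA256 over the payload, keyed with the app secret. The following is an added example, not part of the answers above or of the SDK; the function names, the secret and the sample cookie are constructed for illustration, and hash_equals() needs PHP 5.6 or later.

```php
<?php
// Added example, not SDK code. Function names are hypothetical.

function base64_url_decode($input) {
    return base64_decode(strtr($input, '-_', '+/'));
}

// Returns the payload array, or null when the value is malformed or the
// HMAC-SHA256 signature was not produced with $app_secret.
function parse_signed_request($signed_request, $app_secret) {
    $parts = explode('.', (string) $signed_request, 2);
    if (count($parts) !== 2) {
        return null;
    }
    list($encoded_sig, $payload) = $parts;
    $data = json_decode(base64_url_decode($payload), true);
    if (!is_array($data) || !isset($data['algorithm'])
        || $data['algorithm'] !== 'HMAC-SHA256') {
        return null;
    }
    $expected = hash_hmac('sha256', $payload, $app_secret, true);
    $given = base64_url_decode($encoded_sig);
    // Constant-time comparison of the two raw signatures.
    return hash_equals($expected, $given) ? $data : null;
}

// True when the local session no longer matches the signed request and
// should be cleared. A missing or invalid value counts as stale.
function session_is_stale($session_fb_id, $signed_request, $app_secret) {
    $data = parse_signed_request($signed_request, $app_secret);
    return $data === null
        || !isset($data['user_id'])
        || (string) $data['user_id'] !== (string) $session_fb_id;
}

// Constructed sample: sign a payload with a made-up secret, then check it.
function b64url($bytes) {
    return rtrim(strtr(base64_encode($bytes), '+/', '-_'), '=');
}
$secret  = 'constructed-secret';
$payload = b64url(json_encode(array('algorithm' => 'HMAC-SHA256', 'user_id' => '1234')));
$cookie  = b64url(hash_hmac('sha256', $payload, $secret, true)) . '.' . $payload;

var_dump(session_is_stale('1234', $cookie, $secret));        // same user
var_dump(session_is_stale('9999', $cookie, $secret));        // different user in session
var_dump(session_is_stale('1234', $cookie . 'x', $secret));  // tampered value
```

Treating a missing or unverifiable value as stale is a policy choice of this example; it makes the application fail closed when the cookie has been removed or altered.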
I'm doing some integration with Facebook on a project (using graph api) and everything was working fine until now I discovered that facebook doesn't clear my session when I click on the logout url. I'm doing logout through php, not javascript, so the logout url looks like:
https://www.facebook.com/logout.php?next=url&access_token=token
After clicking on that link the user is logged out on facebook, but the session still exists on my website. To actually clear the session I have to refresh the page one more time after clicking that url. This is a strange behavior, in my opinion.
What do you guys think of this? I even tried to personally remove the Facebook cookie, but it is still there, and it is cleared only after I hit the refresh button on my browser.
p.s. to get the facebook session I do something like this:
My_Facebook_Helper::instance()->getSession(); //it should be === null if it doesn't exist
p.p.s. Could it be a bug? I don't remember having this issue about a week ago when I first started to implement this.
I ran into this bug and realized it wasn't that the session wasn't being cleared, but if you have offline access, it will automatically get you a new session.
Try finding the formatData function somewhere at LoginWindow (AS3) and find this line:
vars.redirect_uri = FacebookURLDefaults.LOGIN_SUCCESS_URL
Change the value for 'http://www.facebook.com/' and logout from that html page when logged in.
This is a temporary solution to logout if you are developer, not the end user.
This is registered as a bug. Please add your own repro to this bug to help get it fixed:
http://developers.facebook.com/bugs/250825644953332
I have just solved a similar problem today.
Try using this to get your session:
$session = $facebook->getSession();
And this could also help for the logout url:
$logoutUrl = $facebook->getLogoutUrl(array('next' => $url, 'session_key' => $session['session_key']));
Hope it helps!
I tried this
$logoutUrl = $facebook->getLogoutUrl(array('next' => 'some url', 'session_key' => $session_key)) . 'session_key=null';