I have a facebook login tie on this site, but can't get it working correctly. So I downloaded the latest php SDK and set up the example here:
http://thedrinknation.com/facebook-php-sdk-70030bb/examples/with_js_sdk.php
I've had some success getting the Javascript to work, but the PHP never is able to figure out who the user is.
(NOTE: the link I posted above is the CLEAN code downloaded from github - I just changed the APPid, and Secret ID).
I'm looking for some direction - do I have a setting wrong on FB? Like application type, or something?
-Jim
JS-SDK is working in a correct way setting cookie and returning login status.
The issue probably related to the fact that your server never returning cookies back to browser. So every time page is refreshed new cookie is generated by JS-SDK. The only cookie it ever sent to browser is PHPSESSID which was send only if missing.
Seems that every time FB.getLoginStatus() is called new cookie is generated. Are you sure you have correct application settings like "App Domains" and "Site/Canvas URL"?
Related
Is it possible to realize such flow:
User puts login and password into form on my site and submits it
My server grabs data and uses Guzzle or another tool to make a request and proceed with authentication some site (for example facebook)
Facebook sends back cookies back to guzzle, which will contain some token(s) which will be used further.
Server sets cookies for the user. Next time user would like to go on facebook - he will be logged in (using grabbed earlier cookies)
I am using PHP and Guzzle on server, but it does not quite matter.
As I guess, it is not possible, because we should set cookies for another domain, which is not secure. But, I haven't found any alike topics, so I must be sure.
Thanks!
The issue here is I am trying to login into my system via ajax. Let me explain it to your first.
when my user puts in his login details it will be send to the server via Ajax request and then once it gets verified i create an entry into a session and save the information like userid and logged_in flag.
And then i return those value through Json back to user which is processed by a piece of javascript and redirect the user to dashboard.
If the user is not authenticated it shows an error.
But now whats happening here is. When i create a session variable and when the user is redirected to the dashboard. Sometimes it does not create the session variables and thats why i cant show logout button?
any help will be appreciated.
If you’ve used AJAX-heavy web apps built on a CI backend, you might have noticed premature session expiration, even if you’re expiration was set to never expire ($config['sess_expiration'] = 0; in application/config/config.php)
This was apparently due to AJAX requests not regenerating sessions, and apparent collisions. Long story short, last month there was a patch introduced without much fanfare, which (so far) seems to be working for me.
Replace your system/libraries/Session.php file with the one found here (CI’s git):
https://raw.github.com/EllisLab/CodeIgniter/b211adee89f5fd2192051e9c0826146bd150f469/system/libraries/Session.php
I'm in the process of setting up various authentication methods on a project I'm working on, and the common OAuth 2.0 framework that Google and Facebook use seems pretty awesome. Reading the example Facebook gave though, I stumbled across something that seemed strange to me.
If you look at the bottom of that facebook page, you can see an example in PHP. In their process, they first set a random string to $_SESSION['state'], then redirect the user to the facebook authentication page, which then sends the user back to the original page, where they compare the state string to what's supposedly stored in the session variable. Maybe I'm missing something here, but don't you lose all session data if the user leaves your site? How does this work? How is your session data maintained even though you leave the site?
The session data stays until you close the browser or logout from your app. The session state could be getting saved on the server or on the browser in a cookie. Either way, the session data is available to you once facebook redirects back to your site.
You don't lose your session data, when user leaves your site.
So, we check state value after user is redirected back to our website from facebook.
I am struggling to keep the Facebook session alive using PHP on my website.
I use both the JavaScript SDK and the PHP SDK to form the basis of my app.
The problem I am having is that when the "Facebook session" ends, my PHP script believes that you are logged out of Facebook. But, as soon as I call the FB.init() using the JavaScript SDK, the session comes back to life.
Is there anyway to achieve the same using the PHP SDK? Or can I set a custom expiry time on the Facebook session?
Extracted from comments
It seems that the session expire time is set to 2 hours but I am not certain about this. I don't think calling the PHP api will make a difference. I need to explain a little clearer what is happening. Basically, if you arrive at my home page, you get the option to login via Facebook. If you do, this all works fine! Once you are logged in and you have authorized the app, this is okay until the session expires. When the session expires, it seems that the PHP SDK is unable to determine whether or not you are logged in via Facebook, however, the Javascript SDK is. I use getUser() for the PHP SDK.
In other words, because the session has expired, PHP thinks that you are no longer logged in via Facebook. The Javascript SDK is able to detect whether or not you are logged in, regardless of whether the session is there. When it realises you are, it recreates the session any way. But in order for the session to be picked up by PHP, the page obviously needs to be refreshed. This is the problem I have, because the page displays content based on your Facebook login, I need the PHP SDK to be able to recreate the session as well, so that it is not necessary to refresh the page.
Ok... Not to sure what the exact details of why your session are acting like this - I must state too that I am not very well versed in PHP sessions and have not has extensive experience with them.
My suggestion would be to let the JavaScript SDK do its work... let it "re-detect" your session successfully and after it has done so, make an AJAX call to your server. In the processing of that call you can create and re-initiate the PHP SDK hence reviving your session.
Additionally you could call the FB.getAuthResponse periodically to ensure that the users session is still valid ( at least in the JavaScript SDK ).
From the Fb.getLoginStatus() documentation :
{
status: 'connected',
authResponse: {
accessToken: '...',
expiresIn:'...',
signedRequest:'...',
userID:'...'
} }
By testing for the presence of the authResponse object within the
response object, you can be sure the user is known to your app and you
can begin to make further calls to the Facebook APIs. If the
authResponse object is not present, the user is either not logged into
Facebook, or has not authorized your app.
I'm not great at PHP, and everything I currently know, I have just taught myself by browsing the internet.
I am currently trying to work with cookies in my page, in order to set up a persistent log in for a day.
Basically I have gotten as far as managing to set a cookie, with a value of the session username. This value is set when the user logs on.
So the user enters credentials, php checks against mysql database, if it is successful then the username is set as session variable, and this is then set as a cookie.
This works, as if I run this php and immediately echo the cookie, the username is displayed.
This is all done on my login form which is brought up in a tinybox (similar to a lightbox and other such pop up windows). The cookie and echo seems to work correctly from here.
However, when the login is successful, it refreshes the parent page, (root page of my site) and all seems well. However, if I then try to echo the cookie from the index page, I can not access it.
I know cookies have limitations on them for security, but seeing as how my login page, and my home page are on the same domain, then I thought this would have worked.
Is this something I am likely doing wrong, or is it a cookie limitation. Would it work if I set the cookie from the index page itself, rather than from within a tinybox?
If anyone wants examples of the code I am using, it can be provided.
Many thanks
Eds
Which navigator you use? Chrome can't work by default with local cookies. You can enable with command line --enable-file-cookies
http://code.google.com/p/chromium/issues/detail?id=3014
Was helped out by DaveRandom on this one.
Turns out I had to add "/" as the root path for the cookie, so that it was available to parent pages.