facebook connect does not clear session cookie on logout - php

I'm doing some integration with Facebook on a project (using graph api) and everything was working fine until now I discovered that facebook doesn't clear my session when I click on the logout url. I'm doing logout through php, not javascript, so the logout url looks like:
https://www.facebook.com/logout.php?next=url&access_token=token
After clicking on that link the user is logged out on facebook, but the session still exists on my website. To actually clear the session I have to refresh the page one more time after clicking that url. This is a strange behavior, in my opinion.
What do you guys think of this? I even tried to personally remove the Facebook cookie, but it is still there, and it is cleared only after I hit the refresh button on my browser.
p.s. to get the facebook session I do something like this:
My_Facebook_Helper::instance()->getSession(); //it should be === null if it doesn't exist
p.p.s. Could it be a bug? I don't remember having this issue about a week ago when I first started to implement this.

I ran into this bug and realized it wasn't that the session wasn't being cleared, but if you have offline access, it will automatically get you a new session.

Try finding the formatData function somewhere at LoginWindow (AS3) and find this line:
vars.redirect_uri = FacebookURLDefaults.LOGIN_SUCCESS_URL
Change the value for 'http://www.facebook.com/' and logout from that html page when logged in.
This is a temporary solution to log out if you are a developer, not the end user.

This is registered as a bug. Please add your own repro to this bug to help get it fixed
http://developers.facebook.com/bugs/250825644953332

I have just solved a similar problem today.
Try using this to get your session:
$session = $facebook->getSession();
And this could also help for the logout url:
$logoutUrl = $facebook->getLogoutUrl(array('next' => $url, 'session_key' => $session['session_key']));
Hope it helps!

I tried this
$logoutUrl = $facebook->getLogoutUrl(array('next' => 'some url', 'session_key' => $session_key)) . 'session_key=null';

Related

How to clear the data of Facebook App object

I have visited this link but can't get any help
$facebook->getUser() ALWAYS Returning ID - Can't Logout
The problem is that when $facebook->getLogoutUrl is executed it just logs the user out of Facebook, meaning it destroys the Facebook session, but the data returned by the app is still there on the page. How do I clear that data?
What I want is that when the logout link is clicked, the data on my app page is also cleared and the "login with Facebook" link appears.
here is the link to my example page
http://www.webdesigncc.info/demoz/myfacebook/examples/example.php
This may solve your problem
function facebook_logout($facebook)
{
    // Build the logout URL first: it carries the access token that destroySession() clears.
    $logout = $facebook->getLogoutUrl(array('next' => 'your url to be redirected after logout'));
    $facebook->destroySession(); /* To destroy facebook sessions.
                                    Available in facebook php sdk */
    session_destroy(); // Optional if you want to destroy your site's sessions
    header("Location: $logout");
    exit; // stop here so nothing else runs after the redirect
}
Using the following way you can clear all data.
public function destroySession() {
$this->setAccessToken(null);
$this->user = 0;
$this->clearAllPersistentData();
}

PHP ending sessions (different ways) I don't understand

I'm trying to understand sessions and how some of the functions to end them work.
I've gone to different sites/and even here on SO and, well essentially, nothing is working.
I have an app I'm trying to work on and when the user logs in, I store the username like so
(not going to paste the whole code but you get the idea)
if($row == 1){
session_start();
$_SESSION['usrname'] = $login_usrname;
$_SESSION['usrpass'] = $login_usrpass;
header("Location:index.php");
exit;
}
On the index page of said app I have a check like so
session_start();
if(!isset($_SESSION['usrname']) && !isset($_SESSION['usrpass'])){
header("Location:login-acc.php");
exit;
}
And it lets them in. I check the cookies in Firefox's web dev tools and I see it being generated, so I'm going to say "it's working" so far.
Now when I want to log out, long story short, I have a logout link that takes them to a page that's supposed to clear all session data and redirect them to the login page. When I'm testing the app and I click the logout link, I get redirected to the login page, but when I go back and click the "index page" link, it lets me right in.
In the logout file, trying to FORCE the issue in overkill lol, I have this and nothing seems to work.
unset($_SESSION['usrname']);
unset($_SESSION['usrpass']);
session_unset();
$_SESSION = array();
session_destroy();
setcookie('PHPSESSID', '', time()-3600,'/', '', 0, 0);
header("Location:login-acc.php");
exit;
It redirects me to the login page but again, when I manually go to index page it lets me right in. Or after being redirected to the login page, I hit the "back" button and lets me right in as well.
If I then go into FF Web developer tools app and delete all cookies etc, and navigate to the index page, then it locks me out.
As you can see above, I've tried multiple things and in the end, I threw them all together, which should do something. My question is: since I've put in ALL those functions to try and delete/unset/remove in general the session, what else can I do? I'm a bit lost as to how it's supposed to work.
Can someone steer me in the right direction?
You are missing a session_start() at the top of your logout page. It's trying to modify a session that doesn't exist!
You have to start a session in order to end a session. I recommend taking a look at...
http://php.about.com/od/advancedphp/ss/php_sessions_3.htm
// you have to open the session to be able to modify or remove it
session_start();
// to change a variable, just overwrite it
$_SESSION['size']='large';
//you can remove a single variable in the session
unset($_SESSION['shape']);
// or this would remove all the variables in the session, but not the session itself
session_unset();
// this would destroy the session variables
session_destroy();
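Added example, not part of the original answer: a complete logout.php for the question above that opens the session, empties it, expires the session cookie with the parameters it was created with, and then destroys the server-side data. The function name end_session() is hypothetical; login-acc.php is the login page named in the question.

```php
<?php
// logout.php -- added example, not code from the original thread.

/**
 * End the current PHP session completely: the variables in memory,
 * the browser's session cookie, and the stored session data.
 * (end_session is a hypothetical helper name.)
 */
function end_session(): void
{
    // The session has to be opened first; without this, $_SESSION and
    // session_destroy() have nothing to act on.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    // 1. Drop every session variable for this request.
    $_SESSION = [];

    // 2. Expire the session cookie. Use the real cookie name and the same
    //    path/domain/flags it was set with; a mismatch leaves it in place.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(
            session_name(),
            '',
            time() - 42000,
            $p['path'],
            $p['domain'],
            $p['secure'],
            $p['httponly']
        );
    }

    // 3. Remove the session data from server-side storage.
    session_destroy();
}

end_session();

// Redirect only after the session is gone, and stop the script.
header('Location: login-acc.php');
exit;
```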

Facebook logout does not remove the user completely in my app

I have the facebook_sdk that I am using to authenticate Facebook users on my app. Everything is fine, but when the user logs out of Facebook he is logged out, but his information is still in my application. So I want to kill the session at the time he logs out. Can you help me with this? I have seen many related posts but didn't find the correct answer for my case.
So I want to kill the session at the time he logs out.
Give a redirect_uri parameter when creating your logout URL, and put a script there that calls session_destroy().
The Facebook SDK does not kill the session in my application, so I edited the method getLogoutUrl in base_facebook.php and now it is fine.
public function getLogoutUrl($params=array()) {
session_destroy();
return $this->getUrl(
'www',
'logout.php',
array_merge(array(
'next' => $this->getCurrentUrl(),
'access_token' => $this->getUserAccessToken(),
), $params)
);
}

Logout redirection

Hi, I'm new to the Facebook API and have managed to get a user to log in using Facebook; however, I am trying to make a logout that redirects to a different page, e.g. logout.php. The issue is that when it logs out it redirects to the same page.
The code I'm using to get the logout link is:
$logoutUrl = $facebook->getLogoutUrl();
How can I make it so the logout URL automatically logs you out of Facebook and redirects you to logout.php?
Thanks in advance!
UPDATE
An example of the URL I currently get from the getLogoutUrl() function:
https://www.facebook.com/logout.php?next=http%3A%2F%2FMYDOMAINHERE.com%2F&access_token=MYACCESSTOKENHERE
My guess is that if I can pass it a redirection URL to autogenerate with that function, it would look something like this:
https://www.facebook.com/logout.php?next=http%3A%2F%2FMYDOMAINHERE.com%2FLOGOUT.PHP%2F&access_token=MYACCESSTOKENHERE
UPDATE
Never mind, I just figured it out. It works the same way the login does with the
getLogoutUrl(array(
'next' => 'http://' . $_SERVER['HTTP_HOST'] . '/logout.php'
));
Do you mean this?:
header("Location: $logoutUrl");
exit;

OAuthException on Facebook Graph API Logout, Works After Refresh

I am using a modified version of the php-sdk version 3.0.0 sample code at github.com/facebook within the CodeIgniter framework as a helper.
My problem is just as the title says: When I click the logout anchor (provided by $Facebook->getLogoutUrl()) I am redirected back to the same page and receive an OAuthException:
Fatal error: Uncaught OAuthException: Error validating access token: The session is invalid because the user logged out. thrown in [...]/base_facebook.php on line 959
When I refresh, it loads the "login" anchor like it normally would. What is happening on that refresh/post-back that isn't happening on that initial redirect?
I realize this is limited information but due to the problem I think it may be a simple fix.
EDIT: This post seems to be relevant: http://forum.developers.facebook.net/viewtopic.php?id=71219
Specifically this line:
setcookie('fbs_'.$facebook->getAppId(), '', time()-100, '/', '.domain.com');
However, I am not sure how to implement this and still use $facebook->getLogoutUrl();.
Thanks in advance and just let me know if more information is necessary.
I was having the same problem and nearly pulling my hair out. However, after some research, it appears the problem is an offending cookie. This line on logout should fix it:
setcookie('fbs_'.$facebook->getAppId(), '', time()-100, '/', '.domain.com');
Ensure to add the '.' before the domain name if subdomains are being used.
I hope this helps!
As suggested, I tried:
setcookie('fbs_'.$facebook->getAppId(), '', time()-100, '/', '.domain.com');
This didn't work. What I did, was to just copy from the fb example code:
// Get User ID
$user = $facebook->getUser();
// We may or may not have this data based on whether the user is logged in.
//
// If we have a $user id here, it means we know the user is logged into
// Facebook, but we don't know if the access token is valid. An access
// token is invalid if the user logged out of Facebook.
if ($user) {
try {
// Proceed knowing you have a logged in user who's authenticated.
$user_profile = $facebook->api('/me');
} catch (FacebookApiException $e) {
error_log($e);
$user = null;
}
}
// Login or logout url will be needed depending on current user state.
if ($user) {
$logoutUrl = $facebook->getLogoutUrl();
} else {
$loginUrl = $facebook->getLoginUrl();
}
The middle part, with if try get user_profile, is a test to get the user profile, and if it fails the userid will be unset. This will make the last part with getLoginUrl() and getLogoutUrl() correct.
I do believe setting the cookie is more correct, than to try a request and see if it fails... but since the setcookie didn't work, I didn't have a choice :(
Stupid facebook that returns a token with this $user = $facebook->getUser();, when the user actually is logged out.
Hope this helps those who are in need.
From the looks of your error it would appear your website is still trying to connect to Facebook using the SDK. When you run the logout function provided by Facebook make sure to clear whatever sessions or storage you have that triggers calls to Facebook.
It's likely that they aren't being cleared before you attempt your Facebook logout, and this is why it still thinks you have a connection but then works fine on refresh.
What I ended up doing was this:
$facebook->getLogoutUrl(array('next' => site_url('logout')));
Then in the 'logout' controller:
$_SESSION = array();
$this->load->view('myoriginalview');
On logout, the facebook logout url's query string redirect_uri value is set to redirect to the 'logout' controller which then clears the session and loads the view on which the logout button existed in the first place. Everything functions fine. Now I just have to figure out how to handle an expired session as opposed to a logged out user -_-
EDIT:
What I've done now is invalidate the cookie in the proper manner as described on the facebook developers forum. I really wish their documentation was better and described this for their PHP SDK.
