Facebook JS / PHP SDK

Question

So I am encountering some weird problems with the Facebook SDK. I use both the JS SDK as the PHP SDK. To log a user out I use the following onclick:

<a href="/logout/" onclick="FB.logout ();">Log out</a>

After I clicked that link, when I try to perform any JS SDK call, like: FB.getAuthResponse (); it returns, as expected, null.

But after clicking the link, when I use the PHP SDK to check if someone is logged in, or just use the following SDK function: $this -> facebook -> getAccessToken (); it returns a valid token as if I am still logged in.

What am I missing here? By the way, do you need some of my PHP code where I check for login?

Thanks in advance!

Answer 1

The PHP sdk saves the access token into local session. That's a huge problem. Especially in times when the facebook token expires and locally the SDK thinks it's still active. The solution we use is everytime we need user data we check against the access token to see if it's still valid. People would think this should be a mndatory behaviour of the SDK (to guarantee an active token) but sadly that's not the case. This is snippet of the code we use.

$graph_url = "https://graph.facebook.com/me?access_token=". $access_token;

$response = curl_get_file_contents($graph_url);
$decoded_response = json_decode($response);
//Check for errors
if ($decoded_response->error) {
  // check to see if this is an oAuth error:
  if ($decoded_response->error->type== "OAuthException") {
    // Retrieving a valid access token.
    $dialog_url= "https://www.facebook.com/dialog/oauth?"
    . "client_id=" . FB_APP_ID
    . "&redirect_uri=" . urlencode($redirect_url)
    . "&scope=" . implode(',', $permissions);
    exit("<script> top.location.href='" . $dialog_url ."'</script>");
  }
  else {
    //handle other error types
  }
else {
  return $facebook-getUser();
}

This is part of our own getUser function. Hope it will help you to implement your own :)