
Facebook api php destroySession doesn't destroy javascript session/cookie

What I'm trying to attempt is to log out of my website when hitting logout, but not log out of Facebook. This is a stripped down version of my code, adapted from the example Facebook provide.

What currently happens is that when logout is hit, the session is destroyed, the page reloads and then the event subscribes for auth.login and auth.logout fire on page load and send the page into a redirect loop.

I've tried having the logout section of code on a separate page and giving the user a link to click to return to the site, but again the auth.login fires on page load and logs the user back in.

What I am asking is how do I destroy the session in a way that won't log the user out of Facebook, but will not re-auth the user on my site automatically. No matter what I try the auth.login fires automatically and re-auths the user!

<?php


require 'include/facebook/facebook.php';

$facebook = new Facebook(array(
  'appId'  => 'API KEY',
   'secret' => 'API SECRET',
));

if (isset($_POST['logout'])) {
    $facebook->destroySession();

    // Expire every cookie the browser sent, trying each path/domain variant
    if (isset($_SERVER['HTTP_COOKIE'])) {
        $cookies = explode(';', $_SERVER['HTTP_COOKIE']);
        foreach ($cookies as $cookie) {
            $parts = explode('=', $cookie);
            $name = trim($parts[0]);
            setcookie($name, '', time()-3600);
            setcookie($name, '', time()-3600, '/');
            setcookie($name, '', time()-3600, '/', 'MY DOMAIN');
        }
    }

    // Expire the signed-request cookie (fbsr_<app id>)
    $signed_request_cookie = 'fbsr_' . $facebook->getAppId();
    setcookie($signed_request_cookie, "", time()-3600, '/', 'MY DOMAIN');
}
// See if there is a user from a cookie
 $user = $facebook->getUser();

if ($user) {
  try {
    // Proceed knowing you have a logged in user who's authenticated.
    $user_profile = $facebook->api('/me');
  } catch (FacebookApiException $e) {
    echo '<pre>'.htmlspecialchars(print_r($e, true)).'</pre>';
    $user = null;
  }
}



?>
<!DOCTYPE html>
<html xmlns:fb="http://www.facebook.com/2008/fbml">
 <body>
   <?php if ($user) { ?>    


Your user profile is
  <pre>
    <?php print htmlspecialchars(print_r($user_profile, true)) ?>
  </pre>

  <form action = "" method = "post">

  <input type = "submit" name = "logout" value = "logout"/> 
  </form>
<?php } else { ?>
  <fb:login-button></fb:login-button>
<?php } ?>
<div id="fb-root"></div>
<script>
  window.fbAsyncInit = function() {
    FB.init({
      appId: '<?php echo $facebook->getAppID() ?>',
      channelUrl : '/channel.php', // Channel File
      cookie: true, 
      xfbml: true,
      oauth: true,
      status: true
    });
    FB.Event.subscribe('auth.login', function(response) {

      alert('logging');
      window.location.reload();
    });
    FB.Event.subscribe('auth.logout', function(response) {

      alert('logging out');
      window.location.reload();
    });
  };
  (function() {
    var e = document.createElement('script'); e.async = true;
    e.src = document.location.protocol +
      '//connect.facebook.net/en_US/all.js';
    document.getElementById('fb-root').appendChild(e);
  }());
</script>
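<br />
POST:
<pre><?php
// Escape the debug dump so posted values are not rendered as HTML
print htmlspecialchars(print_r($_POST, true));
?></pre>
 </body>
</html>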

I notice in your event subscriptions that you don't look at the response coming back from the call, and are blindly reloading the page. You should check the response value and only redirect when you really want it to. I was surprised that Facebook JS SDK will fire those events even when the response says something different really happened.
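One way to do the check this answer describes, as an added example that is not part of the original answer or of the Facebook SDK. The `state` object (`serverHasSession` rendered by PHP from `$user`, `localLogout` set by the site when its own logout form is posted) and all function names are hypothetical; the sample responses are constructed in the `status` / `authResponse` shape the SDK passes to callbacks.

```javascript
// Decide whether an auth event should reload the page, instead of
// reloading unconditionally. All names here are hypothetical.
function shouldReload(eventName, response, state) {
  var connected = !!response &&
    response.status === 'connected' &&
    !!response.authResponse;

  if (eventName === 'auth.login') {
    // Reload only so the server can pick up a new Facebook session:
    // not when it already has one, and not after a site-only logout.
    return connected && !state.serverHasSession && !state.localLogout;
  }
  if (eventName === 'auth.logout') {
    // Reload only when the server still has a session and Facebook
    // reports the user is no longer connected.
    return !connected && state.serverHasSession;
  }
  return false;
}

// Builds the callbacks to hand to FB.Event.subscribe.
function makeAuthHandlers(state, reload) {
  return {
    login: function (r) { if (shouldReload('auth.login', r, state)) reload(); },
    logout: function (r) { if (shouldReload('auth.logout', r, state)) reload(); }
  };
}

// Constructed sample responses (placeholder values).
var CONNECTED = { status: 'connected',
                  authResponse: { userID: '0000', accessToken: 'PLACEHOLDER' } };
var UNKNOWN = { status: 'unknown', authResponse: null };

// Replays page loads with auth.login firing on each one. After a reload the
// server is assumed to establish a session unless the site-only logout is set.
function simulateLoads(state, response, maxLoads) {
  var reloads = 0;
  for (var i = 0; i < maxLoads; i++) {
    var reloaded = false;
    makeAuthHandlers(state, function () { reloaded = true; }).login(response);
    if (!reloaded) break;
    reloads++;
    state.serverHasSession = !state.localLogout;
  }
  return reloads;
}
```

On the page, the handlers would be passed as `FB.Event.subscribe('auth.login', handlers.login)` with `reload` set to a function that calls `window.location.reload()`; the server must honour the same `localLogout` marker, and the site clears it when the user explicitly clicks login.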

It feels like a pretty dirty way to do it but I've just ended up wrapping the JS Facebook initialiser and only running it when someone hits the FB login button. I'm still not sure if this is an error that I've created or a shortfall in the FB API, if anyone can give me any indication either way I'd be grateful.

function login_fb() {
  window.fbAsyncInit = function() {
    FB.init({
      appId: '<?php echo $facebook->getAppID() ?>',
      channelUrl : '/channel.php', // Channel File
      cookie: true,
      xfbml: true,
      oauth: true,
      status: true
    });

    FB.Event.subscribe('auth.login', function(response) {
      window.location.reload();
    });
    FB.Event.subscribe('auth.logout', function(response) {
      window.location.reload();
    });
  };

  // Load the SDK only when the user asks to log in
  (function() {
    var e = document.createElement('script'); e.async = true;
    e.src = document.location.protocol +
      '//connect.facebook.net/en_US/all.js';
    document.getElementById('fb-root').appendChild(e);
  }());
}


<a href="#" onclick="login_fb(); return false;">login</a>
