Do I have to save the session when the user is logged?

Question

I'm starting developing a Facebook app with PHP SDK, I have a two doubs regarding the auth/login process.

I have this code:

  require_once("facebook.php");

  $config = array();
  $config[‘appId’] = 'xxxxxx';
  $config[‘secret’] = 'xxxxxx';
  $config[‘fileUpload’] = false; // optional

  $facebook = new Facebook($config);

  $user = $facebook->getUser();

Now I have the first doubt, doing something like:

if ($user === 0) { .... }

Question: - does it check if the user is LOGGED or whether the user has authorized the app ? (obviously when $user != 0 )

then, I show the auth dialog to let user choose if authorize or not my application, in this manner:

$loginUrl = $facebook->getLoginUrl(array{
     'scope' => 'read_stream',
     'redirect_uri' => 'https://www.myapp.com/login.php'
});
echo("<script> top.location.href='" . $loginUrl . "'</script>");

Question: Do I have to use this code if $user returns 0 ? I mean, what is the scope of this code? Login on Facebook or the app Authorization ?

Thank you!

Answer 1

does it check if the user is LOGGED or whether the user has authorized the app ?

It checks if the user is logged into facebook and authorized the app (with a valid token).

Do I have to use this code if $user returns 0 ? I mean, what is the scope of this code? Login on Facebook or the app Authorization ?

The scope of this code is app authorization.

If $user is 0 use that piece of code to redirect to Facebook's authorization/login page (if the user hasn't authorized the app or if he did but the token is not valid) after that it will be redirected to https://www.myapp.com/login.php?state=$s&code=$NEW_TOKEN And the facebook php library will handle $_REQUEST['code'] so that $user will return the user's facebook ID.