facebook login and logout issues php-sdk

Question

This are 2 questions in one question about the latest fb login using php-sdk:

1. When logging out, i am logging out the user from facebook as well as my website but i only want him to logout of my website and not facebook. I know its possible cos websites like 8tracks are using it. I'm doing the following: example.php: $logoutUrl = $facebook->getLogoutUrl(array( 'next'=>'http://mysite.info/facebook/examples/logout.php' ));

logout.php: session_start(); session_destroy(); //ovewrites the cookie setcookie ('fbsr_APPID', ' ', time() - 3600); setcookie ('fbsr_APPID', ' ', time() - 3600, "/", '.'."mysite.com"); header('Location: http://mysite.com/facebook/examples/example.php'); session_start(); session_destroy(); //ovewrites the cookie setcookie ('fbsr_APPID', ' ', time() - 3600); setcookie ('fbsr_APPID', ' ', time() - 3600, "/", '.'."mysite.com"); header('Location: http://mysite.com/facebook/examples/example.php'); Where am i wrong?

1. When the user enters his login credentials and the site goes to the redirrect_uri, it appends al lot of encrypted stuff on my url: login code: $loginUrl = $facebook->getLoginUrl(array( 'redirect_uri'=>'http://mysite.com/facebook/examples/example.php' ));

url: http://mysite.com/facebook/examples/example.php?state=be53118414cc2da37146dcfa1db8a0a1&code=AQDtVYk_Ba5_NKGXTOGIuUMsmVo28zwAnbU8tuv2RZdUUlhvCvRGGWTVrv5HfvnGwzm-LwCVuK7Z_fFFyoC3cHm1BtZ6kSjijrlSknDZJ6cZ1XjPU31VCi4I0D2N4nBWv1IvXxkMqLoNZC0dLe4SCYbjyMl4ZfcDgWrlaxKWjYgamMAL7m44_5XdVUJzmaNO6_s#_=_

it looks very ugly and i wish to get rid of it.

I have tried so many combinations like making the redirect_uri point to a page which then redirects my user to another page but that does not create the session properly. Also i don't want to use javascript-sdk cos it gets blocked by the popup blockers.

Thanks in advance guys!

Answer 1

When logging out, i am logging out the user from facebook as well as my website but i only want him to logout of my website and not facebook. I know its possible cos websites like 8tracks are using it.

Then they are probably not using the FB logout functionality at all, but just call their own systems logout functionality.

Btw., you are required by Facebook Platform Policies to offer the user a link that logs him out of your site and Facebook in one go. (see I. Features and Functionality, Point 6. )

I have tried so many combinations like making the redirect_uri point to a page which then redirects my user to another page but that does not create the session properly.

Then you are redirecting “too early” – you have to give the Facebook SDK the chance to read these parameters first.

Initialize the Facebook class, and redirect afterwards – that should work.