Facebook PHP: After user logs out of facebook, they can't login to my app with another user


3

Sorry for the confusing title, here's the situation...

  1. A user logs into my app with Facebook
  2. The user logs out of facebook....someone else comes to the computer...
  3. The second user tries to access my app (different facebook account, same computer)
  4. They can't...instead the script gets the access token for the previous user.

I'm using the facebook PHP SDK.

When the user tries to login for the first time I do the following;

unset($_REQUEST);
unset($_COOKIE); //don't know if both are necessary
session_destroy();

Yet SOMEHOW the new fb account is still recognized as the last one (I get the previously logged in user's access token, which throws an exception when I try to use it since that user isn't logged in anymore).

Do I need to use the logout function? I assume that logs the user out of facebook, which isn't what I want to do, just start fresh with a new user in my app.

Any ideas? I'm really at a loss on where this data is persisting from since I'm clearing everything. Hopefully it's something stupid I'm missing but I thought I'd ask in case anyone knew anything.

2012-04-03 20:22
by Sabrina Leggett
What happens when the second user attempts to log in? Do you get any errors? - Ronnie 2012-04-03 20:28
It says invalid user authorization token - Sabrina Leggett 2012-04-03 20:49


1

This is what seemed to work in the end:

$fb_key = 'fbsr_'.$facebookConfig['app_id'];
setcookie($fb_key, '', time()-3600);
$facebook->destroySession();
2012-04-04 10:46
by Sabrina Leggett
This ended up causing more problems than it was worth. In the end I switched to just using JS authorization and that fixed ALL my problems - Sabrina Leggett 2012-06-21 10:46
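
Why the three lines in the question leave the browser state untouched, shown as an added example (not code from any poster or from the Facebook SDK): `unset($_COOKIE)` only edits the superglobal for the current request, and `session_destroy()` neither empties `$_SESSION` nor expires the session cookie. The function name, the `YOUR_APP_ID` placeholder and the `/` cookie path are assumptions.

```php
<?php
// Added example: log the visitor out of this app only, not out of facebook.com.
// app_local_logout() and 'YOUR_APP_ID' are illustrative names, not SDK API.

function app_local_logout($appId)
{
    // session_destroy() only acts on an active session.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    // 1. Empty the in-memory session array. This drops keys such as
    //    fb_<app id>_access_token, the stale token from the question.
    //    session_destroy() on its own leaves $_SESSION populated.
    $_SESSION = array();

    // 2. Expire the session cookie in the browser. unset($_COOKIE) sends
    //    no Set-Cookie header, so the browser would keep presenting it.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 3600,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }

    // 3. Expire the signed-request cookie named in the answer above.
    //    A cookie is only deleted when path and domain match the values
    //    it was set with; '/' is an assumption here.
    setcookie('fbsr_' . $appId, '', time() - 3600, '/');

    // 4. Remove the server-side session data.
    session_destroy();
}

// Call before any output is sent, otherwise the Set-Cookie headers are lost.
app_local_logout('YOUR_APP_ID');
```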


0

Sabrina

Using logout with a valid user access token should work fine. Here is what I use "unless offline access is permed"


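// Facebook user ID of the connected user, or 0 if nobody is connected.
$user = $facebook->getUser();
// Token stored in the PHP session for this app ID (null if absent).
$access_token = isset($_SESSION['fb_135669679827333_access_token'])
  ? $_SESSION['fb_135669679827333_access_token']
  : null;
if ($user) {
  try {
    // Proceed knowing you have a logged in user who's authenticated.
    $user_profile = $facebook->api('/me');
  } catch (FacebookApiException $e) {
    // The API call failed: treat the visitor as logged out.
    error_log($e);
    $user = null;
  }
}
if ($user) {
  // Array keys are quoted strings; bare words are undefined constants.
  $params = array(
    'access_token' => $access_token
  );
  $logoutUrl = $facebook->getLogoutUrl($params);
} else {
  $params = array(
    'scope' => 'read_stream,publish_stream,publish_actions,read_friendlists'
    //'redirect_uri' => $url
  );
  $loginUrl = $facebook->getLoginUrl($params);
}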
2012-04-03 20:55
by Shawn E Carter
Thanks, but I don't want to log the user out of facebook, just out of my app - Sabrina Leggett 2012-04-04 10:40


0

Thanks, but I don't want to log the user out of facebook, just out of my app. – Sabrina Gelbart Apr 4 at 10:40

Contradicts your question, by doing $this->facebook->destroySession(); logs user out of facebook and not facebook. If another user wants to use this computer, they should logout from their facebook account = new user can log into your website.

You don't wish that the user's facebook is being logged out of facebook.com when they logout from yours, right? That would be frustrating for me.

2012-12-11 10:25
by CodeGuru