Facebook getUser() function returning user ID afte

2020-02-21 08:18发布

I'm developing using the Facebook PHP SDK.

I wanted to make it so that when the user logs out of Facebook, they will automatically be logged out of my website too.

I am using the following code to detect the session, using the session cookie:

$facebook->getUser();

For some reason, the getUser() function still returns the user's Facebook ID, even after they have logged out of Facebook on their website.

Am I to detect the session first using another Function?

On the official documentation example here, is the following excerpt from their comments:

// Get User ID
$user = $facebook->getUser();

// We may or may not have this data based on whether the user is logged in.
//
// If we have a $user id here, it means we know the user is logged into
// Facebook, but we don't know if the access token is valid. An access
// token is invalid if the user logged out of Facebook.

This lead me to believe that the session cookie for Facebook would become unset upon Facebook logout?

Kind Regards,

Luke

5条回答
Evening l夕情丶
2楼-- · 2020-02-21 08:47

The problem seems to be in php-sdk in basefacebook.php at line 567

         protected function getSignedRequestCookieName() {
         return 'fbsr'.$this->getAppId();}

This method returns the name of the cookie the sdk is looking for. However, javascript-sdk uses 'fbs_' prefix. Change this to 'fbs_' and it works fine.

return 'fbs'.$this->getAppId();}
查看更多
手持菜刀,她持情操
3楼-- · 2020-02-21 08:49

I have the same issue!

The FB PHP SDK saves those things into the $_SESSION! You can delete them like this when your user clicks logout:

$_SESSION['fb_'.APP_ID.'_user_id'] = '';
$_SESSION['fb_'.APP_ID.'_access_token'] = '';

Although this is not the final solution, it works for now.

I appreciate comments and solutions on that!

查看更多
Lonely孤独者°
4楼-- · 2020-02-21 09:00
$facebook->destroySession();
查看更多
做自己的国王
5楼-- · 2020-02-21 09:04

To destroy the session you can also use: $facebook->destroySession();

查看更多
小情绪 Triste *
6楼-- · 2020-02-21 09:05

I want to give an alternative, in a way you don't have to handle session stuff. Although, I must warn you this is slower than cleaning up the session, because it relies on a new request. What we're doing in the code below is to check on Facebook if the token is still valid. Here it's:

try {
    $facebook->api('/me','GET');
    $logged = true;
} catch(FacebookApiException $e) {
    $logged = false;
}

In my case, I was doing everything using the JavaScript SDK, so I couldn't clean session on logout. But in my landing page, I was needing a work around to check it before send the response back.

If you're facing something like this, definitely a good solution.

查看更多
登录 后发表回答