I just read the manual but it doesn't say how to log a user out. My problem is similar to this:
Facebook JS SDK FB.logout() doesn't terminate user session
But I'm using the server-side flow. I think I need to know the name(s) of the cookie(s) to invalidate, since deleting the cookie would log the user out, wouldn't it?
Here's my logout, where I assume I know the name of the cookie that could have changed:
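```python
import Cookie  # Python 2 standard library (http.cookies in Python 3)
import datetime
import logging
import time

import webapp2

import facebookconf  # project module holding FACEBOOK_APP_ID / FACEBOOK_APP_SECRET
import main  # project module providing get_user_from_cookie and GraphAPI


class FBLogoutHandler(webapp2.RequestHandler):

    csrf_protect = False

    def get(self):
        logging.debug('in fblogout')
        current_user = main.get_user_from_cookie(self.request.cookies,
                facebookconf.FACEBOOK_APP_ID,
                facebookconf.FACEBOOK_APP_SECRET)
        # Only act when a valid signed cookie was found; accessed_token
        # is undefined otherwise.
        if current_user:
            graph = main.GraphAPI(current_user['access_token'])
            profile = graph.get_object('me')
            accessed_token = current_user['access_token']
            logging.debug('setting cookie')
            # Expire this app's fbsr_<app id> cookie.
            self.set_cookie('fbsr_' + facebookconf.FACEBOOK_APP_ID, None,
                            expires=time.time() - 86400)
            # Then send the browser to Facebook's logout URL.
            self.redirect('https://www.facebook.com/logout.php?next=http://www.koolbusiness.com/fbredirect&access_token=%s'
                          % accessed_token)

    def set_cookie(self, name, value, expires=None):
        # A value of None means "delete": overwrite the value and force an
        # expiry in the past, whatever the caller passed as expires.
        if value is None:
            value = 'deleted'
            expires = datetime.timedelta(minutes=-50000)
        jar = Cookie.SimpleCookie()
        jar[name] = value
        jar[name]['path'] = '/'
        if expires:
            if isinstance(expires, datetime.timedelta):
                expires = datetime.datetime.now() + expires
            if isinstance(expires, datetime.datetime):
                expires = expires.strftime('%a, %d %b %Y %H:%M:%S')
            jar[name]['expires'] = expires
        # jar.output() yields "Set-Cookie: ..."; split it into name and value.
        self.response.headers.add_header(*jar.output().split(': ', 1))
```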
You cannot log the user out of FB - this would require you to have access to FB cookies, which you do not.
You can only log the user out of your own app.
The method that doesn't use the JS SDK, and is therefore probably preferable for anyone doing server-side FB authentication, I found here: https://stackoverflow.com/a/9799430/117989.
From http://developers.facebook.com/docs/authentication/: