7

I am using Facebook php-sdk in my iframe facebook app to get user login status. Right after I sign out using facebook Account > Log out link, the session is not destroyed yet. I must wait a few minutes before old session expires, then my app will again get the correct login status.

I expect the facebook to kill itself and the session when user signs out. How do I manually kill the session?

Here is my code:

$initParams = array( 'appId' => $conf['app_id'], 'secret' => $conf['secret_api_key'], 'cookie' => TRUE, ); $fb = new Facebook($initParams); $fb->getSession(); // will return a session object eventhough user signed out!

SOLVED:

calling $fb->api('/me') will destroy the session if user has previously logged out. I've changed my code as following:

if ($session) { try { $fbuid = $fb->getUser(); $me = $fb->api('/me'); } catch(FacebookApiException $e){} }

If the API call is unsuccessful, $session will be set to NULL. Very weird behavior, I don't explain everything that is going on here but it solved my problem of having residual session object not being updated via getSession() method.

Improve this question
3
  • If the logout url link is correctly created there should be no problem with your code.. can you show us your front-end page? Commented Dec 23, 2010 at 11:31
  • 1
    I don't think it's an odd behavior as it's clearly stated on the comments here We dont know if it is still valid until we make an API call using the session. Commented Dec 23, 2010 at 12:46
  • indeed, my bad to haven't read properly the comments of the example code. Thanks for your input Commented Dec 24, 2010 at 8:51

7 Answers 7

Reset to default
7

I'm using $fb->getUser() and what I did was almost identical with yours.

if ($fb->getUser()) { try { $me = $fb->api('/me'); } catch(FacebookApiException $e){ **$fb->destroySession();** } }

I found that using only API to check whether FB is logged out or not sometimes is inconsistent, but with destroySession(), the session will surely be destroyed.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

I tried, but failed.. if the user logged out from his/her facebook (not from the application) $fb->getUser() still give the uid. even if a new user has login to facebook, the $fb->getUser() still return the old uid..
3

if you are using the javascript FB.INIT calls on the login page, then set status to false from true.

details about the status attribute : http://developers.facebook.com/docs/reference/javascript/FB.init/

Improve this answer

Comments

1

Try finding the formatData function somewhere at LoginWindow (AS3) and find this line:

vars.redirect_uri = FacebookURLDefaults.LOGIN_SUCCESS_URL

Change the value for http://www.facebook.com/ and logout from that html page when logged in.

This is a temporary solution to logout if you are developer, not the end user.

Improve this answer

Comments

0

Facebook should disassociate the session from the account that the session belonged to. You can use Facebook::getUser() to check whether this was done:

if ($fb->getUser() === null) { // User logged out } else { // User logged in }
Improve this answer

1 Comment

The getUser() method code is based on getSession(). The session still exists after a standard facebook logout public function getUser() { $session = $this->getSession(); return $session ? $session['uid'] : null; }
0

Try $facebook->setSession(null) or using javascript <a href="/logout/" onclick="FB.logout();">Logout</a>

Improve this answer

1 Comment

That would work if I was handling the logout bit myself i guess, but i've no way to tell when signout has been done by facebook logout menu
0

Logout does not work any way you do.

Try posting this link in your browser, after you log in to facebook.

https://www.facebook.com/logout.php

What happen? it takes you to your facebook. No logout at all.

What ever you do, check the function (depends on your API) handleLogout and check the output. In my case, it returns the entire facebook html page.

Improve this answer

Comments

0

The only way I've managed to solve this problem was by clearing the session using the signed request to check the user id:

$facebook = Membership::getFacebookApp(); $signed_request = $facebook->getSignedRequest(); if(isset($_SESSION['facebook_id']) && $signed_request['user_id'] != (int)$_SESSION['facebook_id']){ $_SESSION = array(); }
Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.