0

So I am encountering some weird problems with the Facebook SDK. I use both the JS SDK and the PHP SDK. To log a user out I use the following onclick:

<a href="/logout/" onclick="FB.logout ();">Log out</a>

After I clicked that link, when I try to perform any JS SDK call, like: FB.getAuthResponse (); it returns, as expected, null.

But after clicking the link, when I use the PHP SDK to check if someone is logged in, or just use the following SDK function: $this -> facebook -> getAccessToken (); it returns a valid token as if I am still logged in.

What am I missing here? By the way, do you need some of my PHP code where I check for login?

Thanks in advance!

3
  • Does the user literally log out from Facebook? I mean, if you open facebook.com, are you still logged in or not? Commented Feb 21, 2012 at 19:52
  • Yes, when I go to Facebook I have to log in there again. Commented Feb 22, 2012 at 20:17
  • Does $fb->api('me'); in PHP return something? I ask because the FB PHP SDK just caches the access token, so getAccessToken() does not always return the real working token. Commented Feb 22, 2012 at 20:18

1 Answer 1

1

The PHP SDK saves the access token into the local session. That's a huge problem, especially when the Facebook token expires and locally the SDK thinks it's still active. The solution we use is that every time we need user data we check against the access token to see if it's still valid. People would think this should be a mandatory behaviour of the SDK (to guarantee an active token), but sadly that's not the case. This is a snippet of the code we use.

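// curl_get_file_contents() is a helper that is not shown in this post;
// it is assumed to fetch the URL and return the response body as a string.
$graph_url = "https://graph.facebook.com/me?access_token=" . $access_token;

$response = curl_get_file_contents($graph_url);
$decoded_response = json_decode($response);
// Check for errors (isset avoids a notice when the response has no error member)
if (isset($decoded_response->error)) {
  // Check to see if this is an OAuth error:
  if ($decoded_response->error->type == "OAuthException") {
    // The cached token was rejected: send the user through the OAuth dialog
    // again to retrieve a valid access token.
    $dialog_url = "https://www.facebook.com/dialog/oauth?"
    . "client_id=" . FB_APP_ID
    . "&redirect_uri=" . urlencode($redirect_url)
    . "&scope=" . implode(',', $permissions);
    exit("<script> top.location.href='" . $dialog_url . "'</script>");
  }
  else {
    // handle other error types
  }
}
else {
  // The token is still accepted by Facebook, so the cached user is trustworthy
  return $facebook->getUser();
}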

This is part of our own getUser function. Hope it will help you to implement your own :)


1 Comment

The solution we use is every time we need user data we check against the access token to see if it's still valid. --- actually there is no difference when you know about an invalid token - on a real useful request, or on a token request. And Facebook's implementation is more efficient than yours, as long as it doesn't require an additional token request each time
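The check discussed in the answer and its comment, as an added example that is not part of the original posts or of the Facebook SDK: it classifies the Graph API response for a cached token and forgets the cached copy when Facebook reports an OAuthException, so a stale server-side session stops being treated as logged in. The function names, the `fb_access_token` session key and the sample responses are assumptions constructed for illustration; `$fetch` stands in for the HTTP call so the block runs offline.

```php
<?php
// Added example. All names here are hypothetical, not Facebook SDK API.

/**
 * Classify a Graph API /me response body.
 * Returns 'valid', 'invalid_token' (OAuthException) or 'error' (anything else).
 */
function classify_graph_response($body): string
{
    $data = is_string($body) ? json_decode($body, true) : null;
    if (!is_array($data)) {
        return 'error';              // network failure or non-JSON body
    }
    if (isset($data['error'])) {
        $type = $data['error']['type'] ?? '';
        return $type === 'OAuthException' ? 'invalid_token' : 'error';
    }
    return isset($data['id']) ? 'valid' : 'error';
}

/**
 * Validate the token cached in $session and drop it when Facebook rejects it.
 * $fetch is any callable taking a URL and returning the response body.
 */
function check_cached_token(array &$session, callable $fetch): string
{
    if (empty($session['fb_access_token'])) {
        return 'invalid_token';      // nothing cached: treat as logged out
    }
    $url = 'https://graph.facebook.com/me?access_token='
         . urlencode($session['fb_access_token']);
    $state = classify_graph_response($fetch($url));
    if ($state === 'invalid_token') {
        unset($session['fb_access_token']);  // stop trusting the stale cache
    }
    return $state;
}

// Constructed sample responses standing in for the network call.
$ok      = '{"id":"1000000000","name":"Example User"}';
$expired = '{"error":{"message":"constructed sample","type":"OAuthException"}}';

$session = ['fb_access_token' => 'CONSTRUCTED_TOKEN'];
echo check_cached_token($session, fn($url) => $ok), "\n";
echo check_cached_token($session, fn($url) => $expired), "\n";
var_dump(isset($session['fb_access_token']));
```

A transient failure is reported as `error` and leaves the cached token in place, so a network outage does not log every user out.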
