Home » Php » php – Facebook API – Session still exists after user logout

php – Facebook API – Session still exists after user logout

Posted by: admin July 12, 2020 Leave a comment

Questions:

I am using Facebook php-sdk in my iframe facebook app to get user login status.
Right after I sign out using facebook Account > Log out link, the session is not destroyed yet. I must wait a few minutes before old session expires, then my app will again get the correct login status.

I expect the facebook to kill itself and the session when user signs out. How do I manually kill the session?

Here is my code:

$initParams = array(
  'appId'  => $conf['app_id'], 
  'secret' => $conf['secret_api_key'],
  'cookie' => TRUE,
);

$fb = new Facebook($initParams);
$fb->getSession();  // will return a session object eventhough user signed out!

SOLVED:

calling $fb->api('/me') will destroy the session if user has previously logged out.
I’ve changed my code as following:

if ($session)
{
    try
    {
        $fbuid = $fb->getUser();
        $me = $fb->api('/me');
    }
    catch(FacebookApiException $e){}
}

If the API call is unsuccessful, $session will be set to NULL. Very weird behavior, I don’t explain everything that is going on here but it solved my problem of having residual session object not being updated via getSession() method.

How to&Answers:

I’m using $fb->getUser() and what I did was almost identical with yours.

if ($fb->getUser())
{
    try
    {
        $me = $fb->api('/me');
    }
    catch(FacebookApiException $e){
        **$fb->destroySession();**
    }
}

I found that using only API to check whether FB is logged out or not sometimes is inconsistent, but with destroySession(), the session will surely be destroyed.

Answer:

if you are using the javascript FB.INIT calls on the login page, then set status to false from true.

details about the status attribute :
http://developers.facebook.com/docs/reference/javascript/FB.init/

Answer:

Try finding the formatData function somewhere at LoginWindow (AS3) and find this line:

vars.redirect_uri = FacebookURLDefaults.LOGIN_SUCCESS_URL

Change the value for http://www.facebook.com/ and logout from that html page when logged in.

This is a temporary solution to logout if you are developer, not the end user.

Answer:

Facebook should disassociate the session from the account that the session belonged to. You can use Facebook::getUser() to check whether this was done:

if ($fb->getUser() === null) {
  // User logged out
} else {
  // User logged in
}

Answer:

Try $facebook->setSession(null) or using javascript <a href="/logout/" onclick="FB.logout();">Logout</a>

Answer:

Logout does not work any way you do.

Try posting this link in your browser, after you log in to facebook.

https://www.facebook.com/logout.php

What happen? it takes you to your facebook. No logout at all.

What ever you do, check the function (depends on your API) handleLogout and check the output. In my case, it returns the entire facebook html page.

Answer:

The only way I’ve managed to solve this problem was by clearing the session using the signed request to check the user id:

$facebook = Membership::getFacebookApp();
$signed_request = $facebook->getSignedRequest();
if(isset($_SESSION['facebook_id']) && $signed_request['user_id'] != (int)$_SESSION['facebook_id']){
    $_SESSION = array();
}