
php – $facebook->getLogoutUrl(); link doesn't log user out of facebook

Posted by: admin July 12, 2020

Questions:

My current user story is that user1 is logged into my website and Facebook (these accounts are connected, etc.).

User1 logs out of my site but not Facebook.

After this, user2 logs into his account, but the leftover session from user1 screws with user2’s interaction with my site and who they post as.

So to fix this I made it check if the user who is logged in actually owns the currently logged-in Facebook account (this would result in them going to Facebook log out etc.) and it shows a link that should allow the user to log out…

Upon clicking the link they go to Facebook and return to the site. But if you open a new tab and go to Facebook, User1 is still logged in.

How can I get this link to work? What’s going on? Is this a bug with the API or what?…

Edit: I’ve continued testing with value user ids loading and with valid access tokens but I have yet to get the logout link to work.

Answers:

A little late but here goes my contribution:

Use the params when you generate the logout URL so that it redirects to a page in which you destroy the session using the Facebook API function for that.

Here is an example:

$logoutUrl = $facebook->getLogoutUrl(array("next" => "http://mydomain.com/page4logout"));

In page4logout you can instantiate the Facebook object and execute the following:

$facebook->destroySession();

After that you can do a redirection.

Answer:

Delete the Facebook cookie and session manually. Here is how I solved the problem some time ago; I think it’s a bug of Facebook:

setcookie('fbs_'.$this->getAppId(), '', time()-100, '/', $_SERVER["SERVER_NAME"]);
unset($_SESSION['fb_'.$this->getAppId().'_code']);
unset($_SESSION['fb_'.$this->getAppId().'_access_token']);
unset($_SESSION['fb_'.$this->getAppId().'_user_id']);
unset($_SESSION['fb_'.$this->getAppId().'_state']);

$this->getAppID is your Facebook App ID, should be clear ;o)

Answer:

One way you can check this is by using the PHP SDK and JavaScript SDK together.

When the user visits your site, call FB.getLoginStatus() and check that the authResponse.userID matches what the PHP SDK returns in $facebook->getUser(); (you can do this via an AJAX call if it helps).

You know that if the user ID doesn’t match then something is wrong here. Calling $facebook->getLogoutUrl() should log the user out of both your site and Facebook, but if it doesn’t, try using session_destroy() in your code to clear the sessions. Then redirect the user back to $facebook->getLoginUrl() and get them to log in again. This will correct the mismatch in the user ID and you can repeat the process when they come back to your site.

I’ve seen this happen on other apps, which leads me to believe that this is a facebook issue. The JavaScript SDK doesn’t appear to check if the cookie is still valid (if it already exists).
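The user-ID comparison and session reset described in the last answer, as an added example that is not part of the original answers. The function names are hypothetical, the server-side ID is assumed to be what $facebook->getUser() returned (0 when it sees no user), and the client-side ID is assumed to be authResponse.userID posted by the page's AJAX call.

```php
<?php
// Added example; function names and sample IDs are hypothetical.
// The client-supplied ID is unauthenticated input: it is used only to
// trigger a reset, never to decide who the user is.

/** Compare the ID the PHP SDK reports with the one the browser reports. */
function fbSessionAction(string $serverFbUserId, ?string $clientFbUserId): string
{
    // Facebook user IDs are decimal strings; anything else counts as "no user".
    $server = (ctype_digit($serverFbUserId) && $serverFbUserId !== '0') ? $serverFbUserId : '';
    $client = ($clientFbUserId !== null && ctype_digit($clientFbUserId)) ? $clientFbUserId : '';

    if ($server === '' && $client === '') {
        return 'anonymous';              // nobody is logged in on either side
    }
    if ($server !== '' && $server === $client) {
        return 'ok';                     // both SDKs agree on the account
    }
    return 'reset';                      // mismatch or one-sided login: fail closed
}

/** Tear down the local PHP session completely before sending the user to log in again. */
function destroyLocalSession(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $_SESSION = [];                      // session_destroy() alone leaves this array populated
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();                   // removes the server-side session data
}

// Constructed sample inputs: [server-side ID, browser-side ID].
$cases = [
    ['1001', '1001'],   // same account on both sides
    ['1001', '2002'],   // user1's leftover session, user2 in the browser
    ['1001', null],     // browser reports no Facebook login
    ['0',    null],     // nobody logged in anywhere
];
foreach ($cases as [$server, $client]) {
    // A real endpoint would call destroyLocalSession() when the result is 'reset'.
    echo $server, ' vs ', var_export($client, true), ' => ',
         fbSessionAction($server, $client), PHP_EOL;
}
```

session_destroy() removes the server-side data but leaves both $_SESSION and the browser's session cookie in place, which is why the helper clears all three.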