Facebook still “logged in”after logout

So this was a bit of a pain. Basically I’ve got a web app, and I want to use the facebook API via server-side PHP for authentication. So I started with an example from the documentation.

It’s a fairly basic demo – if the user is not logged in, it shows the login URL. If they are logged in, it displays their name (presumably to show that they really are logged in). I tweaked it to also show the logout URL, if someone’s logged in.

Trouble is, when you are logged in and you click the logout URL, you’re still logged in. You can click it again and again, doesn’t matter, you’re still logged in.

What the fork?

Turns out, the problem is that while Facebook knows you’ve logged out, your local PHP session hasn’t got the message. So you can refresh as much as you like but your local session still thinks you’re logged in (unless you wait however many minutes it takes till your session expires).

(I’d like to tell you I worked that out myself, but the truth is I learned it from  StackOverflow.)

So I added justloggedout=true to the getLogoutUrl line like this:

$logout_url = $facebook->getLogoutUrl(array('next' => 'http://localhost/fb/?justloggedout=true'));

added this just after the <body> tag:

if (isset($_GET['justloggedout'])) {
    $facebook->destroySession();
    session_unset();
    session_destroy();
    echo '<p>We just destroyed the old session.</p>';
}

This means that when you click the Logout link, fb logs you out then puts you back to the web app – and the web app destroys the fb session and unsets/destroys the PHP session. Which seems to do the trick

The only problem now is if someone uses my web app, then brings up a separate tab in Facebook and logs out there, then comes back to my app. They’ll still be logged in, which is not ideal. I’m thinking I’ll just destroy the session myself after, say, five minutes of inactivity, which should fix the problem.

It’d be much nicer if all this happened automagically, though!  🙂

Advertisements
Facebook still “logged in”after logout

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s