Delete facebook session cookie from my application on users logout

Question

I am working in an application which is using facebook connect to log in the users using their facebook account.

Everything works fine except in the following case:

1. User logged out from my website and facebook.
2. User try to login again in my app.

In this case when the facebook connect popup opens in says "error in the application".

I found that the reason is that the old fbs cookie is not being removed on users logout. I have added the code to delete the cookie on logout of my app but the cookie isn't deleted.

Here is my code (using Symfony framework.)

$fbCookie = 'fbs_'.sfConfig::get('app_facebook_application_id');
          $cookie = $request->getCookie($fbCookie);
          if(!is_null($cookie)){
            setCookie($fbCookie," ", time()-3600);
          }       

This doesn't work. The cookie remains the same. The setCookie function returns "1" as expected.

What can be the problem?

Answer 1

I'm pretty sure I had trouble with this too... you need to make sure that you kill the Facebook session right after you delete the cookie, otherwise it will just pop back up... here's an example

  // Assuming that $facebook is your facebook object populated with your settings
  $facebook = new Facebook(array(
          'appId'  => FB_APPID,
          'secret' => FB_APPSECRET,
          'cookie' => true));

  $fb_key = 'fbs_'.sfConfig::get('app_facebook_application_id');
  set_cookie($fb_key, '', '', '', '/', '');
  $facebook->setSession(NULL);

Answer 2

In the current version of the Facebook SDK you need to use

$fb_key = 'fbsr_'.$facebookConfig['app_id'];
setcookie($fb_key, '', time()-3600);
$facebook->destroySession();

I tried clearing out the cookies and the session manually, and it still didn't work for some reason (see Facebook PHP: After user logs out of facebook, they can't login to my app with another user). Using the above solution was what worked in the end.

Answer 3

I had the same problem and neither of the solutions i came up in the web worked for me. Then suddenly another app with the same code worked fine, so i checked the advanced settings in the app and it worked when i changed: OAuth 2.0 for Canvas ENABLED, Timezone-less events ENABLED and Upgrade to Requests 2.0 ENABLED

Hope it helps

Answer 4

Make sure to use the following code:

$params = array( 'next' => 'https://yourUrl/logout' );
        $data['logoutUrl'] = $this->facebook->getLogoutUrl($params);

to redirect the page to a logout controller or a page and then kill the sessions on that page.