Menu
I am using a facebook log in for my web site using facebook php sdk.
What I noticed is the logout link doesn't do anything. After I logout, the user can still navigate the site. Here is my code in facebook.php:
<?php
require 'src/facebook.php';
$facebook = new Facebook(array(
'appId' => '*************',
'secret' => '******************************',
));
$user = $facebook->getUser();
$loginUrl = $facebook->getLoginUrl();
echo "<a href='$loginUrl'>login</a>";
$logoutUrl = $facebook->getLogoutUrl();
echo $loginUrl;
if($user){
session_start() ;
$_SESSION['user_info'] = $user;
$_SESSION['user_pro']= $facebook->api('/me');
print_r($_SESSION);
}
else{
echo 'not logged in ';
}
echo "<a href='example.com/logout.php'>log out </a>"
?>
This code works fine on log in. The log out link should destroy the session. Here is the header of the page:
<?php
print_r($_SESSION) ;
header('example.com') ;
?>
The problem with my logout.php page is it doesn't detect the session at all. I don't know if this is a facebook api problem or my php problem.
How do you log the user out using the facebook SDK?
892
Tap in the top right of Facebook. Scroll to the bottom and tap Log out. If you've logged in to your Facebook account on multiple devices, you'll need to log out of each device separately. Learn how to manage where you're logged in to Facebook or how to log out of your mobile account from a computer.
The Facebook SDK is a set of software components that developers can include in their mobile app to understand how people use the app, run optimized marketing campaigns and enable Facebook login and social sharing.
The Facebook SDK for JavaScript provides a rich set of client-side functionality that: Enables you to use the Like Button and other Social Plugins on your site. Enables you to use Facebook Login to lower the barrier for people to sign up on your site. Makes it easy to call into Facebook's Graph API.
You can logout from your site as well as from facebook as follow by providing your site url to next parameter and destroying session
$token = $facebook->getAccessToken();
$url = 'https://www.facebook.com/logout.php?next=' . YOUR_SITE_URL .
'&access_token='.$token;
session_destroy();
header('Location: '.$url);
You also have to log them out of your website AND you have to prevent your website from automatically remembering your user and re-logging them in immediately.
Disable the code that auto-logs in your user and try to logout again. Destroying the session will not prevent your site from creating a brand new valid session for the remembered user.
74
Here is the PHP logout code for my website that logs a user in and out with facebook. You don't have to destroy the session to logout the user, all you technically have to do is signal to your own website that this particular session may not be used to let the user in.
logout.php:
<?php
require_once("facebook-php-sdk-6c82b3f/src/facebook.php");
$config = array();
$config['appId'] = '2911111111146';
$config['secret'] = 'a6eaaaaaaaaaaaaaaaaaaaaaaaaaad1a';
$config['fileUpload'] = false;
$facebook = new Facebook($config);
$logouturl = $facebook->getLogoutUrl();
$_SESSION['user_facebook_email'] = "";
$_SESSION['ask_user_to_login'] = true;
header("Location: showquestions.php");
?>
index.php:
<?php
require_once("facebook-php-sdk-6c82b3f/src/facebook.php");
$config = array();
$config['appId'] = '2911111111146';
$config['secret'] = 'a6eaaaaaaaaaaaaaaaaaaaaaaaaaad1a';
$config['fileUpload'] = false;
$facebook = new Facebook($config);
$userId = $facebook->getUser();
if ($_SESSION['ask_user_to_login'] == true || $userId == 0){
$loginUrl = $facebook->getLoginUrl();
$_SESSION['ask_user_to_login'] = false;
echo "<button type='button' onClick=\"window.location='$loginUrl'\">" .
"<img src='picture.gif' alt='Login with facebook'/>" .
"</button>";
exit;
}
else
{
$userInfo = $facebook->api('/' + $userId);
session_cache_expire (150000); //set the cache expire to 15000 minutes
$_SESSION['user_facebook_email'] = $userInfo['email'];
$_SESSION['facebook'] = $facebook;
header("Location: showquestions.php");
}
$userInfo = $facebook->api('/' + $userId);
echo "Welcome" . $userInfo['email'];
?>
login.php:
<?php
session_start();
if (isset($_SESSION['user_facebook_email']) !== true ||
$_SESSION['user_facebook_email'] == "")
{
header("Location: index.php");
exit;
}
?>
Then in every php file you want to prevent access without a logged-in user, put this at the top:
<?php
require("log2.php");
?>
With this code, the user is logged in automatically, and if they invoke the logout code, the site will not let them in until they login again.
29
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
