Possible to find out whether a user is logged into facebook over javascript API?

Question

This question is not a duplicate of this one.

I don't want to know whether the user has authorized my application, but if the user is logged into facebook (completely independed from my application).

The reason is that I want to pring user comments in my html code so that search engines can index them.

When a user is logged into facebook I want to replace the html code with the facebook comments snippet.

If not an alternative old school comment form should be displayed.

I would pull the comments regularely from the graph api to have them in my database and comments that are done using the classic form should be posted over the api (not necessarily as the user, could be an admin account...) to have all the data synchronized.

I looked at the Javascript SDK Docs, also found the function getloginstatus but the documentations are bad and not conclusive. I know that there are also often features available at facebook codes that are not documented or implemented in higher level apis.

My questions are:

• Can I somehow find out if a user is logged into facebook?

• Can I somehow have a callback or notification of posted comments, so I can trigger synchronization to my database or do I have to "crawl" the graph api on a regular basis?

Answer 1

There is a non-hack, officially-supported way of doing this for Facebook (I think the last version of the docs was clearer on this point). Using the Javascript SDK, you can do:

<div id="fb-root"></div>
<script>
  window.fbAsyncInit = function() {

    FB.init({appId: 'YOUR APP ID', status: true, cookie: true,
             xfbml: true});

    FB.getLoginStatus(function(o) { 
       if (!o && o.status) return;
       if (o.status == 'connected') {
          // USER IS LOGGED IN AND HAS AUTHORIZED APP
       } else if (o.status == 'not_authorized') {
          // USER IS LOGGED IN TO FACEBOOK (BUT HASN'T AUTHORIZED YOUR APP YET)
       } else {
          // USER NOT CURRENTLY LOGGED IN TO FACEBOOK
       }
    });

  };

  (function() {
    var e = document.createElement('script'); e.async = true;
    e.src = document.location.protocol +
      '//connect.facebook.net/en_US/all.js';
    document.getElementById('fb-root').appendChild(e);
  }());

</script>

An aside: if XAuth had caught on, it would be possible to do this in a more universal and supported way for any site supporting that standard.

Answer 2

This article

https://grepular.com/Abusing_HTTP_Status_Codes_to_Expose_Private_Information

identifies security risks in Google and Facebook that will allow you to determine if a user is logged in. While no official API exists to check if a user is logged in without that user giving you express permission to access this information, the above article shows how you can 'guess' if a user is logged in or not.

Note: The article identifies a 'hack' and so is not guaranteed to work in the future, if or when Google & Facebook identify these security risks.