I currently have a website where I have roughly 20 separate pages. All pages have two versions... a version where the viewer has not logged in yet, along with a logged in version. The logged in version can vary quite differently from the non-logged in version...
I was wondering if there is a simple way to tell browsers to 'invalidate' all cached pages for my domain when a user logs in or logs out.
Example: A non-logged in viewer visits many of the pages on my site, which causes their browser to cache all of these pages. Upon logon can I supply the user with a particular header which will make their browser to not use the cached version the next time the page loads? This needs to happen on both log-in and log-out.
Any tips or tricks would be super helpful, I am fairly new at caching...
Thanks :)
No, you cannot tell the user's browser to un-cache pages. You could use different URLs for logged-in users than for logged out users (adding a query string would suffice), or, not allow caching of any of them in the first place.
ideally you wouldn't have separate pages to represent a user's logged-in state. that attribute of your application really belongs in the model not the view as it were. i imagine a logged-in user would never see the non-logged-in page via the controller, right? in which case i'd offer that it doesn't matter which page is cached and which isn't.
the following is the only way that occurs to me to do what you want, but it isn't pretty... if a user has logged in, but requests the non-logged-in page, expire the page (e.g. $q->header( -expires => 'now' )) and send the logged-in user to non-logged-in page. but, as above, i doubt you want to do that. you could reference a .js file that has js/ajax that detects such a scenario and then redirects the user back to the logged-in page.
you can see what an ordeal this could be. i'd suggest tightening up your application design such that this problem goes away. hopefully this was helpful. good luck!
Have a look at Force browser to clear cache. There are some promissing leads in there.
Otherwise, tell your users to Shift-Click the reload button. ;-)
Related
Basically, we have a certain area of the site we want only logged in members to see. If a non-member clicks a link to this area, it should challenge them for a login (that part I have down). If the person is already logged in, then the page would normally challenge for a login, it would instead redirect to the destination page.
The Problem I have with this is knowing where/how to grab the appropriate information to issue a redirect to forward already logged-in members. I have seen solutions, but they're mostly in PHP and I can't use that due to working in a CMS.....
Usually you have to check whether a person visiting the page is logged in or not. This could be done using sessions or cookies. Unless you specify which CMS you are using, it's difficult to give you a specific answer.
I am trying to build an google chrome extension for Facebook.
I should be able to access the facebook api without actually asking the user to authenticate explicitly for my extension.
Is there a way to do that?
The answer is yes and no.
Yes: You can "read" as much as a they have loaded in their page through a Content Script that reads the window document. A good example could be the following.
In the manifest.json
"content_scripts" : [{
"matches" : ["http://www.facebook.com/*"],
"js" : ["js/vendor/jquery.min.js", "js/content.js"],
"run_at" : "document_end"
}]
In the js/content.js
var document = jQuery(window.document);
var posts = document.find("div[role='article']");
and then you can read as much as you wish of the user, or well, as much as the page loads. You could have some sort of timeout mechanism that checks whether there's new content in the page, or new elements were added to the dom, but at the end the user has to scroll down to load information, or you can hack this through Javascript.
No (and why you shouldn't): I'm not a legal guy, but I had been developing long enough to know that whenever a platform gives you an API, you are supposed to use it. Why? Because they can control what information you are reading, and they can protect their user information that way.
This is actually a delicate line, because sometimes you can enhance a website experience without necessary using a website API (and sometimes they don't even have one). This is then even appreciated if you are actually improving the user experience. In this case thought, I wouldn't do it though, because:
It's Facebook, I'm pretty sure they have in some Terms of Service a line where they describe what I just wrote about reading user's information through external scripts.
External applications that crawl your data have had bad reputation since day one (automatic posts, scamming, scrapping information, etc)
Facebook API is now based in Oauth2, which in its foundation was made to protect the users; through a token denial, a user can stop at any time an application from reading his/her data, while your application has no mechanism for that (uninstall may be it, but you may have stored already his/her data)
It's not that hard asking for permission and you would be saving yourself a lot of trouble.
How to do it the right way? Request an application ID, and load the facebook SDK in a Background Page. Prompt the user permissions (yes, the right way includes asking the user for permission on what you can read so he/she can deny you access to them if you misbehave) and then query the Facebook API with that.
Think about it. You can create an extension that reads the content of a user page whenever he logs into his/her bank. Or his email. Actually, anything that a user sees inside a browser window can be retrieved by an extension. This is extremely dangerous to the user if there's no control over which information is being taken from him!
Ask for permission first. Don't be THAT guy ;)
I've been researching this for a couple of days and I'm seing a lot of answers to similar questions and they are unfortunately all "No, you can't do that." So, perhaps you can help me find a more efficient way or perhaps you have a better answer.
I'm running a game at an event. When users sign up for my game, they'll authorize my Facebook app. They get points in my game for doing certain things. One of the things they get points for is Liking a chosen Facebook page.
They don't Like the page through any interface I control though, so I'm going to be running a process in the background which checks if my authorized users have liked the page.
I'm going to have tens of thousands of people playing this game though. I've got an access_token for each of them and I know I can fetch a list of likes for Person X with their access_token, but fetching 10,000+ lists of likes to check if they've liked the page seems ridiculous... especially since if they haven't liked it, I can't just cross them off the list. I need to keep checking every few minutes for the duration of the event just to see if they have liked the page yet and give them points. Once they have liked the page then I no longer need to keep checking them, but that's still going to require a ton of requests.
Is there a way that I can determine which of my 10k+ users, for whom I have individual access_tokens, have liked my page?
Or can I get list of people who have recently liked a particular page?
Any other suggestions?
EDIT: As the administrator of my FB page, I can use the website to just click through and I can see all of the people who have liked my page, so I feel like there should be some way to access this information programmatically as well. Am I just missing something?
This problem seems like a candidate for using FQL. There's a table called page_fan that acts as a join table between the user and page tables. You could run a query for each user to see whether a row exists for the chosen page. For example:
SELECT 1 FROM page_fan WHERE uid = me() and page_id = 8484927467
I'm running a game at an event. When users sign up for my game, they'll authorize my Facebook app. They get points in my game for doing certain things. One of the things they get points for is Liking a chosen Facebook page.
Please clarify some details on that:
is your game app running as a page tab app inside facebook, or some place else?
if it is running in a page tab, is that also the page they are required to like?
If that would be the case, you would get the info if the user has liked the page within the signed_request parameter automatically, no further API queries etc. necessary.
fetching 10,000+ lists of likes to check if they've liked the page seems ridiculous...
Keep in mind that you don’t have to go through each user’s list of likes, though – you can ask if someone liked a specific page by querying for /userid/likes/pageid. (I know, it’s still one request for each user.)
I need to keep checking every few minutes for the duration of the event just to see if they have liked the page yet and give them points. Once they have liked the page then I no longer need to keep checking them, but that's still going to require a ton of requests.
Are you aware of the method in the JavaScript SDK of binding an event to a user clicking a like button on your page? Maybe you could use that – implement the like button in your site, catch the event of the user using that very button to like the page … and then AJAX the fact that the like happened to your server, maybe make one more request for that particular user to verify that there’s no “cheating” involved (someone making a call to your AJAX endpoint themselves, without actually having liked) … and you should have what you want, right?
Hey guys go to the BANNED USERS panel at your page settings and select PEOPLE WHO LIKE YOUR PAGE. Thanks
I want to create an iFrame Tab App for Facebook. I am planning on having a share button, so the user can share the tab app. If the user has successfully shared the tab app (= left a post on his wall which is defined by the app) I want to redirect him to let's say www.example.com/user-has-shared.
The way I understand this (http://developers.facebook.com/docs/reference/dialogs/feed/), this should be possible using the redirect_uri parameter.
However, when the user opens the dialog and doesn't click on "publish" but on "skip" instead, he is still redirected to the same page as defined. But I don't want to redirect users who have skipped publishing.
Any ideas? Thanks!
Using PHP by the way.
I'm not convinced that what you're asking for is possible, and it definitely isn't nice so that's fortunate. From the docs, redirect_uri redirects after any button in the dialog is clicked. Again, this is good.
You shouldn't be doing anything that requires the user post on their wall. While user advertising is nice, making it mandatory is frustrating and many of your users would be frustrated. A better method would be to build an app that people WANT to talk about! ;)
EDIT: Ignore my puffery there, this is totally possible. You check for $_REQUEST[post_id] on the redirect_uri'd page. More details in the comments.
I have a Facebook application that has a user profile tab. The specs of the app dictate that the layout of the profile tab should be different depending on whether a user is looking at their own profile, or someone else is looking.
Whenever I try to print_r FB's signed request details, the profile_id is always the same as the user_id, even if I am looking at the profile as another user.
Is there another way I can get this information, or is it not possible using Facebook's current setup?
Thanks!
Facebook sends visitor id only after they interact with your tab in some way, but not during the first visit.
In theory the Canvas signed_request functionality is meant to solve this issue too, but I'm having the same issue around the user needing to interact with the tab first.
Personally, I think that's stupid with respect to signed_request functionality, as it looks like I need to request permissions I don't need in order to get it to do what I thought the purpose of the functionality change was (see #3362040 for an example).
Griping aside, though, you might find the signed_request functionality helpful for this.