I am curious as to how sessions/the graph work.
I got the example code off the PHP SDK and have finally got it working.
So I connect to Facebook, the user authorizes the app, it redirects to my website, and I put the user's Facebook ID into my database. The user's actions can then be posted onto FB.
When I then try in Internet Explorer (no session), the user logs into my site but when they do an action it is NOT posted to Facebook, because there is no session, but the user has authorized it.
How do I go about getting a new session for the user when they log in to my site, given that they HAVE authorized my site on FB?
Thanks
If this is an iframe application, it's probable that IE is blocking your session cookie for being a third party cookie without a P3P header.
Related
I am using Facebook login with the Facebook JavaScript SDK. I have implemented all the login flow. I want to know what I should do to start a session on my application. From Facebook docs https://developers.facebook.com/docs/facebook-login/login-flow-for-web:
Once your app knows the login status of the person using it, it can do one of the following:
If the person is logged into Facebook and your app, redirect them to your app's logged in experience.
If the person is logged into Facebook but not your app, prompt them with the Login dialog.
If the person is not logged into Facebook, prompt them with the Login dialog.
I want to work on the first one: redirect them to my app's logged in experience. But I do not know how to recognize the user and start the new session on the server so that he can access personal data. I thought a possible solution might be to send the accessToken received on the client to my server, then ask Facebook's servers if that is a valid token, if so then start a new session for the recognized user, otherwise ignore the request. Is that a correct flow?
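The server-side check proposed in the question above, as an added example that is not part of the original post: it assumes the server has already sent the client's token to the Graph API `debug_token` endpoint and holds the JSON reply. `APP_ID`, `checkInspectedToken`, `runSamples` and all sample payloads are constructed for illustration.

```javascript
// Added example: every value below is constructed for illustration.
const APP_ID = "1234567890"; // placeholder for this site's own app id

// Decide whether a debug_token inspection result may open a local session.
// `claimedUserId` is what the browser sent next to the token: untrusted,
// used only as a consistency check. `nowSeconds` is Unix time.
function checkInspectedToken(payload, claimedUserId, nowSeconds) {
  const d = payload && payload.data;
  if (!d || d.is_valid !== true) return { ok: false, reason: "invalid" };
  // A token issued to some other app is genuine at Facebook, but accepting
  // it here would let that app's operator log in as its users on this site.
  if (String(d.app_id) !== APP_ID) return { ok: false, reason: "wrong_app" };
  // This sketch only accepts tokens that carry a future expiry time.
  if (typeof d.expires_at !== "number" || d.expires_at <= nowSeconds) {
    return { ok: false, reason: "expired" };
  }
  if (!d.user_id) return { ok: false, reason: "no_user" };
  if (claimedUserId && String(claimedUserId) !== String(d.user_id)) {
    return { ok: false, reason: "user_mismatch" };
  }
  // The session is keyed on the id Facebook reported, never the claimed one.
  return { ok: true, userId: String(d.user_id) };
}

// Constructed inspection results (Unix time 1700000000 plays "now").
const NOW = 1700000000;
const samples = {
  good: { data: { app_id: "1234567890", is_valid: true, user_id: "42", expires_at: NOW + 3600 } },
  otherApp: { data: { app_id: "999", is_valid: true, user_id: "42", expires_at: NOW + 3600 } },
  stale: { data: { app_id: "1234567890", is_valid: true, user_id: "42", expires_at: NOW - 1 } },
  revoked: { data: { app_id: "1234567890", is_valid: false, user_id: "42", expires_at: NOW + 3600 } },
};

function runSamples() {
  const out = {};
  for (const [name, payload] of Object.entries(samples)) {
    out[name] = checkInspectedToken(payload, "42", NOW);
  }
  out.spoofedId = checkInspectedToken(samples.good, "7", NOW);
  return out;
}

console.log(runSamples());
```

Only the `good` sample yields `ok: true`; the site would then create its own session for the returned `userId` and keep the Facebook token out of that session cookie.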
I have read many questions in a similar area to this and after reading about 20+ my problem is not discussed.
I have a web app using Facebook login via the Facebook SDK.
This is working fine on the website side of things.
However, when using getLogoutUrl() the users are not logged out of Facebook.
I have done both destroying the Facebook session (via the destroySession method) before and after (in the redirected page) accessing the getLogoutUrl link and I am still logged into Facebook.
The user is no longer logged into my site but Facebook remains unchanged.
I would expect that when a user accesses the link provided by getLogoutUrl that they would be logged out of Facebook. However, all that happens is the user is redirected back to the site and the user is still logged into Facebook.
So my website's side of things works fine. But providing the Facebook logout link implies that they are logged out of Facebook and can walk away.
Whereas in reality the user's account is still logged in on Facebook.
Why is this happening?
I cannot control Facebook so I do not know what else I can do other than forwarding the user to the logout link provided by getLogoutUrl.
I am using Facebook PHP SDK (v.3.2.2)
I use the Twitter Anywhere API and OAuth to authenticate users on my website. The cookie with the accessToken expires after two hours, which is why the user needs to log in and connect to Twitter regularly. The workaround would probably be to store the auth_token in a cookie and provide it the next time the user loads the page after the cookie set by Twitter expired.
Now something that is not clear to me: I'm also providing Facebook as an authentication method and somehow it doesn't forget the login. The Facebook JS API doesn't store any cookies on my page, so how does it know that the user is authenticated with Facebook and my application?
Are you talking about this? See the channel file portion.
EDIT: Above link has been changed. And the Facebook API has changed too.
The Facebook JS API doesn't store any cookies on my page, so how does it know that the user is authenticated with Facebook and my application?
It makes a cross-domain request to facebook.com, to see if there are cookies under that domain that indicate there is a user currently logged into Facebook in some other browser window/tab.
Once it has figured out that a) there is a logged in user and b) this user has used your app before – it logs him in to your app on the fly and gives you a fresh (short-lived) user access token to work with.
How can I log in to my website using Facebook credentials, and that too seamlessly, when I'm already logged in to my Facebook account in the same session or in another session? For example, I'm logged in to my FB and when I open a website named rottentomatoes.com in the same session or in another session, I get automatically logged in, without doing anything, as that site uses my FB account and I automatically become a registered member of that site.
I want to do these things in my website, like what happens with Rotten Tomatoes.
So far I can use an FB account to log in to my website using Facebook Connect.
Please help me. Any suggestion will be welcomed.
You need to have a Facebook app, then in your site use the Facebook JS SDK.
You always have different sessions per site, you'll need to make a session for yours, you don't use the Facebook session, just the SDK.
When the user loads your page you can use FB.getLoginStatus to check if the user is logged into Facebook and is authenticated with your app; if so, then you get the needed user data and can then log the user into your site.
If the user is not logged into Facebook, or hasn't authorized your app, then you can use the FB.login method to log the user in. When the user comes back from that process you should have the data you need in order to register/log him into your site.
Well, I have used the Facebook API a couple of times. But the other day I came across a site which was really new to me. Here's the scenario:
If a user is logged in at Facebook and comes to my site, he will
automatically be logged in without asking him and also if user logs
out of my site he gets logged out of Facebook. But the site I saw
yesterday, they had handled it perfectly, user does not log in to their
site automatically and even if user logs out from their site, he does
not get logged out of Facebook.
So any help? What is this technique called? Or any relevant help?
Best Regards
Most sites handle the login/authentication by using the login status of the user at Facebook's end.
To do what you want, simply add an additional layer of authentication / login status checking at your own site.
The site level login status is to be retained only for the current session. In other words, once the user goes away from the site, the site level login status is gone. With this, when the user returns, you know that he needs to log in again.
When the user logs out from your site, you only log him out of your site and do nothing about the Facebook login.
Using the Facebook SDK it will likely tell you the user is logged out when not logged into Facebook, which in theory is the correct behaviour of the whole system, as Facebook wants users to always be connected to Facebook. I quote Facebook:
As long as the user is signed into Facebook, they are automatically signed into your site as well.
So if they aren't connected to Facebook, you aren't connected to other sites. In a way it's a deterrent and increases Facebook's market.
But anyhow, it's likely the site you are describing is implementing its own authentication system rather than using Facebook's own SDK, or if they are using the SDK they are using it in moderation and understand about cookies/the above.
The flow to allow the user to be logged into Facebook but out of your site is as so:
When a user logs out of their site, it will unset session data for the site's own application, and also unset Facebook cookies, etc. That way the user is still logged into Facebook but out of your site.
When they try to log in again, Facebook will detect no cookies are available and hence will re-authenticate and pass you onto the url as passed during the authentication process. Your site will then login the user to the site's own application, setting any session variables, etc.
You need to check how you are handling the FB logins and sessions at your end.
My guess is you check the login at your site and there are some access_tokens, which are per your app ID, in the cookies of your browser which are helping you to log in,
and when logging out from your site you are explicitly logging out the user from FB as well
(that's what you are describing at least).
You seem to be explicitly calling logout or clearing the cookies for the FB app ID.