I am implementing "login with facebook" feature using php sdk, i am able to grab user profile details. But after that user remains logged in. Suppose user is accessing my site and after using "login with facebook" features he leaves immediately, then next person sitting there can use(misuse) previous persons account.
1)How can i automatically logout user after fetching what i needed (I dont want to show user "facebook logout" button).
2) Is there any way i can only logout user from my app and not facebook logout ? (i mean if user is already using facebook in another tab then it should only logout users facebook session from my app.)
Assuming all the usual security measures are in place (session timeouts apply to FB logins, doesn't leak FB data across distinct PHP sessions, logging out of your site clears FB session data or moves to a login/front page with no FB access), websites with Facebook integration generally don't bother securing their FB integration on a per-request basis. It's the user's own fault if they leave a browser window open and logged into your website, there's not a lot you can or really should do about that kind of mistake.
All that being said, you can call getLogoutUrl and then redirect the user to that URL to log them user out of the current session, OR you can use the JavaScript SDK's FB.logout(). Both options are mentioned here.
Related
If customer register with their new account then they cannot login their account and they just see Login page again and again without sending any error on console. They cannot even see "MyAccount" page after first time they register with their account. When customer enter login information on login page and hit the login button, page just refreshing without sending any error message also if you have any item in the cart, the item quantity increase with refresh page which happen when you click on login button.
If I use old customer user email and password for login customer account then its loges in and you redirect "MyAccount" page and it's working well.
If anybody have any idea about this, please share with me.
Thanks
No. You are better off using Firebase as it's a lot easier if you are doing cloud messaging. Also with Google's Firebase Cloud Messaging, You can Deliver and receive messages in a more reliable way across platforms and with authentication you have a lot less friction with acclaimed authentication.
Authenticating a user has never been more simple: Eg
OR
Saving an image to Cloud Storage: Eg
I wonder what is the right technique to streamline the login to my site via Facebook.
Currently, I have a web site integrated with Facebook Login button. Right now, it's an independent web site, and not a "Facebook app" (running in the canvas). While this is not my decision, this could change in long term if matters.
The way the authentication work: the "fb-login-button" is redirected to my application URL using onlogin() event; the server side uses the cookie to retrieve the "access token" and perform further Graph API work. The business logic resides on the server side.
The current business requirement is the following:
Suppose someone posts a link to my site, somewhere in Facebook, for example in our site community page:
http://www.mysitedomain.com/offer1
A Facebook logged-in user clicking on the link - should get to the target page, after his Facebook identify got verified, and the result should be personalized for that user.
If a Facebook user already has an active session with my site - trivial.
Assuming a user had approved my site (app) in the past, but has no active session - here I am looking for the best practice to do the login.
Also, I would appreciate a hint how to handle the app authorization (i.e. showing the Facebook authorization dialog) in a most efficient way.
Thanks for any hint.
Check out FB Login Architecture and FB.getLoginStatus. Based on FB documentation, If you use javascript sdk, it only triggers a Popup on the same page and once authenticated it will go back to the same page. So once the login status is confirmed then you can get users information from graph api and update via AJAX on your page. You can also checkout this server side login. Hope this helps.
I want my Facebook app that I'm developing on, appears as an iframe in several fan pages that I have on Facebook.
is this possible to place a facebook app on a Facebook fan page iframe?
if so will my users need to approve my app on each page or will one-time approval for the app will approve it for him in all my fan pages?
Yes this is possible, please refer to Page Tab Tutorial and Apps on Facebook.com documentation for details on how to do this
User only need grant access to application once, on other Pages same application will get all user details (This isn't required, if you application doesn't need user identity to work, you can skip this at all)...
Facebook grants permissions by app id, so no matter how many pages you put that app in, it will only ask for perms on one page.
I'm integrating Facebook into my application. A user in my app can either be authenticated via Facebook, or be authenticated by their account (email address + password) with the app. I have a page in my app where I pull Facebook friends list using FB Javascript sdk. I log into the app using Facebook authentication then navigate to the page and can see my friends list. I can then logout of app using FB.logout then login to the app using a different user account (email + password) then navigate to the page and still see my friends list. I've logged into the app using a non-facebook authenticated login. It's not a caching issue as I have no caching set up in my dev environment. I'm new to Facebook. Any ideas on why the friends page is still retrieving friends list? Thank you!
I doubt the browser is caching the friend list, unless your loading the friends list after the page is loaded via ajax. But even then it would be rare to see such a thing.
I've never used the js sdk. But i know with the PHP one it automatically stores the fb token in the session. However ive just had a thought, if your using the JS SDK, that probably means that your not using tokens like the PHP sdk does. I would guess that its because facebook is detecting the user as logged in ?
Try logging out of facebook after you logout of your own site, then login with a different account. If that works, then you need to google around and get the code for logging them out of facebook. I believe the old trick was to just header redirect them to the facebook logout url, but there may be a nicer way of doing this.
Having said that, this would log them out of facebook, so you might annoy some people. How often can you see people logging out to log in with a different account?
I have a website which users can sign up to using Facebook Connect (with the new OAuth 2.0 stuff). Now when a user logs out of Facebook they remain logged-in on my site.
I'm not using the JavaScript SDK as I don't like the "magic behind the curtains". So what should I do when a user logs out of Facebook? Should I care at all? I get the feeling I should try to catch this somehow and log them out of my site as well.
I'm using Django with a custom authentication backend for this.
Don't do anything. You are using facebook as means of authentication. The fact that the user logged out of facebook means nothing for that matter - He's stil the same user.
Do the users think of your site as a part of facebook? I guess not (assuming its not a facebook app, just a login via facebook). Then it would be surprising and counterintuitive from the user's perspective to find he's also logged out of your site when he only logged out of facebook.