Facebook api php destroySession 不会破坏 javascript 会话/cookie
我试图尝试的是在点击注销时注销我的网站,但不注销 Facebook。这是我的代码的精简版本,改编自 Facebook 提供的示例。
当前发生的情况是,当注销被点击时,会话被销毁,页面重新加载,然后事件订阅 auth.login 和 auth.logout 在页面加载时触发并将页面发送到重定向循环。
我尝试过将代码的注销部分放在单独的页面上,并为用户提供一个单击以返回网站的链接,但 auth.login 在页面加载时再次触发并使用户重新登录。
我要问的是如何以一种既不会使用户退出 Facebook,又不会自动在我的网站上重新验证用户的方式销毁会话。无论我尝试什么,auth.login 都会自动触发并重新验证用户!
<?php
require 'include/facebook/facebook.php';
$facebook = new Facebook(array(
'appId' => 'API KEY',
'secret' => 'API SECRET',
));
if(isset($_POST['logout'])){
$facebook->destroySession();
if (isset($_SERVER['HTTP_COOKIE'])) {
$cookies = explode(';', $_SERVER['HTTP_COOKIE']);
foreach($cookies as $cookie) {
$parts = explode('=', $cookie);
$name = trim($parts[0]);
setcookie($name, '', time()-3600);
setcookie($name, '', time()-3600, '/');
setcookie($name, '', time()-3600, '/','MY DOMAIN');
}
}
$signed_request_cookie = 'fbsr_' . API KEY;
setcookie($signed_request_cookie, "", time()-3600, '/', 'MY DOMAIN');
}
// See if there is a user from a cookie
$user = $facebook->getUser();
if ($user) {
try {
// Proceed knowing you have a logged in user who's authenticated.
$user_profile = $facebook->api('/me');
} catch (FacebookApiException $e) {
echo '<pre>'.htmlspecialchars(print_r($e, true)).'</pre>';
$user = null;
}
}
?>
<!DOCTYPE html>
<html xmlns:fb="http://www.facebook.com/2008/fbml">
<body>
<?php if ($user) { ?>
Your user profile is
<pre>
<?php print htmlspecialchars(print_r($user_profile, true)) ?>
</pre>
<form action = "" method = "post">
<input type = "submit" name = "logout" value = "logout"/>
</form>
<?php } else { ?>
<fb:login-button></fb:login-button>
<?php } ?>
<div id="fb-root"></div>
<script>
window.fbAsyncInit = function() {
FB.init({
appId: '<?php echo $facebook->getAppID() ?>',
channelUrl : '/channel.php', // Channel File
cookie: true,
xfbml: true,
oauth: true,
status: true
});
FB.Event.subscribe('auth.login', function(response) {
alert('logging');
window.location.reload();
});
FB.Event.subscribe('auth.logout', function(response) {
alert('logging out');
window.location.reload();
});
};
(function() {
var e = document.createElement('script'); e.async = true;
e.src = document.location.protocol +
'//connect.facebook.net/en_US/all.js';
document.getElementById('fb-root').appendChild(e);
}());
</script>
<br />
POST:
<?php
print_r($_POST);
?>
What I'm trying to attempt is to log out of my website when hitting logout, but not log out of Facebook. This is a stripped down version of my code, adapted from the example Facebook provide.
What currently happens is that when logout is hit, the session is destroyed, the page reloads and then the event subscribes for auth.login and auth.logout fire on page load and send the page into a redirect loop.
I've tried having the logout section of code on a separate page and giving the user a link to click to return to the site, but again the auth.login fires on page load and logs the user back in.
What I am asking is how do I destroy the session in a way that won't log the user out of Facebook, but will not re-auth the user on my site automatically. No matter what I try the auth.login fires automatically and re-auths the user!
<?php
require 'include/facebook/facebook.php';
$facebook = new Facebook(array(
'appId' => 'API KEY',
'secret' => 'API SECRET',
));
if(isset($_POST['logout'])){
$facebook->destroySession();
if (isset($_SERVER['HTTP_COOKIE'])) {
$cookies = explode(';', $_SERVER['HTTP_COOKIE']);
foreach($cookies as $cookie) {
$parts = explode('=', $cookie);
$name = trim($parts[0]);
setcookie($name, '', time()-3600);
setcookie($name, '', time()-3600, '/');
setcookie($name, '', time()-3600, '/','MY DOMAIN');
}
}
$signed_request_cookie = 'fbsr_' . API KEY;
setcookie($signed_request_cookie, "", time()-3600, '/', 'MY DOMAIN');
}
// See if there is a user from a cookie
$user = $facebook->getUser();
if ($user) {
try {
// Proceed knowing you have a logged in user who's authenticated.
$user_profile = $facebook->api('/me');
} catch (FacebookApiException $e) {
echo '<pre>'.htmlspecialchars(print_r($e, true)).'</pre>';
$user = null;
}
}
?>
<!DOCTYPE html>
<html xmlns:fb="http://www.facebook.com/2008/fbml">
<body>
<?php if ($user) { ?>
Your user profile is
<pre>
<?php print htmlspecialchars(print_r($user_profile, true)) ?>
</pre>
<form action = "" method = "post">
<input type = "submit" name = "logout" value = "logout"/>
</form>
<?php } else { ?>
<fb:login-button></fb:login-button>
<?php } ?>
<div id="fb-root"></div>
<script>
window.fbAsyncInit = function() {
FB.init({
appId: '<?php echo $facebook->getAppID() ?>',
channelUrl : '/channel.php', // Channel File
cookie: true,
xfbml: true,
oauth: true,
status: true
});
FB.Event.subscribe('auth.login', function(response) {
alert('logging');
window.location.reload();
});
FB.Event.subscribe('auth.logout', function(response) {
alert('logging out');
window.location.reload();
});
};
(function() {
var e = document.createElement('script'); e.async = true;
e.src = document.location.protocol +
'//connect.facebook.net/en_US/all.js';
document.getElementById('fb-root').appendChild(e);
}());
</script>
<br />
POST:
<?php
print_r($_POST);
?>
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我注意到在您的事件订阅中,您没有查看呼叫返回的响应,而是盲目地重新加载页面。您应该检查响应值,并且仅在您真正需要时才进行重定向。我很惊讶 Facebook JS SDK 会触发这些事件,即使响应表明确实发生了不同的事情。
I notice in your event subscriptions that you don't look at the response coming back from the call, and are blindly reloading the page. You should check the response value and only redirect when you really want it to. I was surprised that Facebook JS SDK will fire those events even when the response says something different really happened.
这感觉像是一种非常肮脏的方法,但我刚刚完成了 JS Facebook 初始化程序的包装,并且仅在有人点击 FB 登录按钮时才运行它。我仍然不确定这是我创建的错误还是 FB API 的缺陷,如果有人能给我任何指示,我将不胜感激。
It feels like a pretty dirty way to do it but I've just ended up wrapping the JS Facebook initialiser and only running it when someone hits the FB login button. I'm still not sure if this is an error that I've created or a shortfall in the FB API, if anyone can give me any indication either way I'd be grateful.