All geek questions in one place

Facebook API SDK Clearing Sessions (PHP)

I successfully use the SDK (PHP) to connect users to my site, but I am having problems authenticating their account. Their account was successfully completed, but for some reason my site sessions are being cleared.

Flow:

  • User is registered on my site (local username and password)
  • User connects to Facebook in a popup
  • Facebook authenticates the user and returns him to my site
  • My sites session is now invalid (both in the popup and in the main window), as a result of which the user logs out.

I use the Facebook SDK (PHP) and my site uses the CakePHP framework

Any help would be greatly appreciated.

+6
source share
3 answers

I could not understand why the session was reset, so I decided not to use the SDK for authentication. This is what I used instead.

$code = (isset ($_REQUEST['code']) ? $_REQUEST['code'] : null); if (empty ($code)) { $dialogUrl = 'http://www.facebook.com/dialog/oauth?client_id=' . $this->appId . '&redirect_uri=' . urlencode($this->url) . '&scope=' . implode(',', $this->scope); header('Location: ' . $dialogUrl); die; } else { $tokenUrl = 'https://graph.facebook.com/oauth/access_token?client_id=' . $this->appId . '&redirect_uri=' . urlencode($this->url) . '&client_secret=' . $this->secret . '&code=' . $code; $accessToken = file_get_contents($tokenUrl); $this->Session->write('facebookAccessToken', $accessToken); $graphUrl = 'https://graph.facebook.com/me?' . $accessToken; $fbUser = json_decode(file_get_contents($graphUrl)); if ($fbUser) { ... } }
+1
source

I cannot tell you what your session is deleting, but you can try this (works for me)

use the Javascript SDK to display login buttons that open a popup to connect to FB

add the js SDK to your page as follows:

 <div id="fb-root"></div> <script> window.fbAsyncInit = function() { FB.init({appId: '<?php echo FB_API_ID; ?>', status: true, cookie: true, xfbml: true}); FB.Event.subscribe('auth.login', function() { new Request({ 'method': 'get', 'url': '<?php echo $this->Html->url(array('controller'=>'users','action'=>'login_fb'));?>', 'onSuccess': function(result){ window.location.reload(); } }).send(); }); }; (function() { var e = document.createElement('script'); e.async = true; e.src = document.location.protocol + '//connect.facebook.net/en_US/all.js'; document.getElementById('fb-root').appendChild(e); }()); </script>

In the auth.login event auth.login I use the ajax call / users / login_fb, which will use the SDK to check Facebook in a facebook session:

  App::import('Lib', 'facebook_sdk/facebook'); // "MyAuth" is a custom Auth Component that extends the normal Auth component $this->MyAuth->facebook = new Facebook(array( 'appId' => FB_API_ID, 'secret' => FB_SECRET, 'cookie' => true, )); $me = null; $session = $this->MyAuth->facebook->getSession(); if ($session) { try { $uid = $this->MyAuth->facebook->getUser(); $me = $this->MyAuth->facebook->api('/me'); } catch (FacebookApiException $e) { error_log($e); } } if ($me) { $this->Session->write('FbLogin.session',$session); $this->Session->write('FbLogin.user',$me); $UserModel = ClassRegistry::init('User'); $user = $UserModel->findByUid($me['id']); if(!$user){ $UserModel->create(); $user_data = array( 'username'=>$me['username'], 'name'=>$me['first_name'], 'lastname'=>$me['last_name'], 'email'=>$me['email'], 'group_id'=>GROUP_VISITOR, 'uid'=>$me['id'] ); $UserModel->save($user_data); $user['User']['id'] = $UserModel->id; } $this->Session->write($this->MyAuth->sessionKey, $user['User']); $this->MyAuth->_loggedIn = true; } }

The basic idea is that in js, I call ajax to check the fb session and then save it in the cake session and js will refresh the page

+2
source

Perhaps it’s worth checking the security level of Cake, maybe it does referrer checks (I think it does this in the “high”, maybe “medium” setting), which will lead to the session being invalid.

+1
source

Source: https://habr.com/ru/post/885890/

More articles:


All Articles