0

I am trying to check if a User sessions exist with facebook api.

If someone is logged in I want to show a logout link,

If they are not logged in I want to show a login link.

No matter what it is showing a logout link. I think maybe because the call is not logging the user out?????

Also what is the best practice to verify a session for restricted pages? Should I follow the same concept I am using?

 <?php if ($user): ?> // nothing else { redirect to login page?

Here is my code. 

  <?php if ($user): ?>
      <dd><a href="<?php echo $logoutUrl; ?>"><span class="fui-facebook"> </span>Logout</a>
        </dd>
    <?php else: ?>
                <dd><a href="<?php echo $loginUrl; ?>"><span class="fui-facebook"> </span>Sign In with Facebook</a>
                    </dd> 
    <?php endif ?>
            </dl> 
          </div>
        </div>
    </nav>
wuno
  • 9,547
  • 19
  • 96
  • 180
  • `var_dump($user)`. If they're logged out, does this object contain something like, `status=>'guest'` or something? – Ohgodwhy May 28 '14 at 01:17
  • when i var_dump it gives me a string string(10) "11xxxx036" – wuno May 28 '14 at 01:21
  • So that'll pass the conditional statement. Obviously, then, you need to check for a property that only exists when the user is logged in. What does the object contain when logged in? At the very least, most likely an `ID`. – Ohgodwhy May 28 '14 at 01:21
  • yes so I believe that is the session token. so that makes sense. But I cant seem to get it to let me logout. – wuno May 28 '14 at 01:22
  • Interesting.. The button logged me off of facebook but the string still exist and the link on my site does not change. Could this be because the token still exist in my site? – wuno May 28 '14 at 01:24
  • You just blew your own mind. Debugging can lead to amazing things. – Ohgodwhy May 28 '14 at 01:25
  • lol so that is logical? haha im so lost. – wuno May 28 '14 at 01:26
  • It means that user is likely populated with a session ID, and that the session isn't being destroyed. It's time to debug the login script. – Ohgodwhy May 28 '14 at 01:26
  • getLogoutUrl() is what im using and here this says it does what im trying to get it to do. http://stackoverflow.com/questions/15237228/how-to-logout-from-facebook-or-destroy-an-active-session-using-php – wuno May 28 '14 at 01:29
  • You will have to call `destroySession` _after_ the user has been to the logout URL as well – otherwise, the SDK will see the cookies that it has set under your domain before – and using those, will _log the user in again_ … – CBroe May 28 '14 at 02:03
  • Yes I found this. http://stackoverflow.com/questions/7680523/facebook-getlogouturl-link-doesnt-log-user-out-of-facebook I am trying to make it work. The first answer needs some hacking which you can see in the comments. But the second answer I have no clue how to implement. – wuno May 28 '14 at 02:07

1 Answers1

0

Use this code to log out with facebook api

FB.logout(function(response) { // user is now logged out });

If you need more help then visit https://developers.facebook.com/docs/reference/javascript/FB.logout/

user3651145
  • 33
  • 1
  • 6
  • sure but how would you add that to the facebook function? – wuno May 28 '14 at 01:37
  • if ($user) { $logoutUrl = $facebook->getLogoutUrl(); } else { $loginUrl = $facebook->getLoginUrl(array( 'scope' => 'user_about_me, user_checkins, friends_checkins, user_location, friends_location') ); } – wuno May 28 '14 at 01:53