How to clear facebook session and cookie when using devise + omniauth + rails 3?

Question

I implemented account creation and login using facebook connect using devise + omniauth on rails 3. My problem, however, is clearing facebook session and cookies when user logs out. Currently when a user signs out, it seems to clear current session. However, when a user signs in again, it automatically logs the user in because of the facebook cookie. I'd like the sign_out method to clear the cookie so that when a user tries to log in next time, it will ask user to sign in with facebook.

Right now I am using the default devise route "devise_for :users". Shall I overwrite it by creating "class SessionsController < Devise::SessionsController"? If so, do I need to write both create and destroy methods? In destroy method, how do I exactly clear fb cookie(s)?

Any help would be much appreciated!

Could you find the answer for this question? – khelll Sep 30 '11 at 14:38 — khelll, Sep 30 '11 at 14:38

score 1 · Accepted Answer · answered Sep 30 '11 at 17:48

In order to clear out FB session, you have to use FB JS SDK.

So, here is what I did.

First, init FB JS. I used a partial, but you can just put this this in layout

<script type="text/javascript">
  window.fbAsyncInit = function() {
    FB.init({
      appId: '[APP_ID]', 
      status: true, 
      cookie: true, 
      xfbml: true});
  };

  (function() {
    var e = document.createElement('script');
    e.src = document.location.protocol + '//connect.facebook.net/en_US/all.js';
    e.async = true;
    document.getElementById('fb-root').appendChild(e);
  }());
</script>

Then, I bound logout link to a FB.logout function that calls destroy_user_session_path in application.js.

$(function() {
  $('#logout').click(function(e) {
    FB.logout(function(response) {
    var url = $('#logout').attr('redirect_url');
    $.ajax({
      url: url,
      type: 'DELETE',
      success: function(msg) {
        window.location = '/';
        }
      });
    });
    e.preventDefault();
  });
});

My application.html.erb.

<% if user_signed_in? %>
  <p><%= link_to "logout", "#", :id => "logout", :redirect_url => destroy_user_session_path %></p>
  <p>Hi, <%= current_user.email %></p>
<% else %>
  <p><%= link_to 'Login with Facebook', '/auth/facebook/' %></p>
<% end %>

How to clear facebook session and cookie when using devise + omniauth + rails 3?

1 Answers1