CakePHP-Facebook-Plugin
CakePHP-Facebook-Plugin copied to clipboard
webtechnick
Unable to log out issue
So I've got the system working half-well. When I log into facebook, it logs me into my cakePHP app.
In my users/logout function, I redirect back to the homepage.
I've routed the facebook logout to my logout function in my users controller. When I use that, the logout logs me out of facebook but not on my cakePHP app.
When I log out by going just to the logout function while still logged into facebook (and not logging out of facebook), nothing happens.
I removed the redirect from the logout function and when I sign out, it appears to work, but when I navigate back to the home page (or any other page), it logs me back into my cakePHP app.
My solution for this was to manually delete the entire session before I redirect
function logout() { $this->Auth->logout(); $this->Session->destroy(); $this->redirect(array('controller' => 'articles', 'action' => 'index')); }
While this appears to be working, I'd like to know why it's necessary? What am I doing wrong here??
Nope, 1.3. Nick states that the plugin is only compatible with 1.3 right now too so if you're using 2.0 I would imagine there would be some issues.
This is maddening, I'm about ready to just build my own (much less robust) solution. The problems are much more complicated than this.
1.) In Firefox, logging into FB via FB Connect When I log into FB through the CakePHP app, the page refreshes 3 times and appears not to be logged in. Upon a manual refresh after this, I am then completely logged into system. This does not appear to happen in Chrome. IE is an entirely different beast
2.) Logging out of the system When logged into the app via FB brings up a logout link that logs the user out of FB and then out of the CakePHP app. The logging out of FB appears to work correctly and the login options are loaded (conditionally, if the user isn't logged in). If you refresh the browser though, the user is logged into the system again, but not facebook.
By printing the sessions, it appears that the Auth session is never deleted, or is somehow re-authenticated.
4.) Viewing Sessions Upon initial loading of the app, if i print out the session, the following two empty arrays are stored in the session:
Array ( [FB] => Array ( [Me] => ) )
All of these issues go away when I remove/disable the facebook plugin. The authentication works fine.
For reference... again, I manually destroy the session in my logout function just to see if that helps. I initially thought it was, without it the user wasn't getting logged out at all. Now it's simply a matter of pushing refresh to be logged back in.
function logout()
{
$this->Auth->logout();
$this->Session->destroy();
$this->redirect('/');
}
Essentially, logging in works fine for the most part, although the behavior is a little flaky in firefox. Logging out is an impossibility. It's related somehow to this plugin because without the plugin everything works fine.
I've tested this on multiple machines. Last night I tested this on a clean install of cake. The only commonality was my users table, which you can take a look at below. I have tried multiple facebook app settings, I don't feel its related to that.
1 id int(11) No None AUTO_INCREMENT Change Drop More
2 facebook_id bigint(20) UNSIGNED Yes NULL Change Drop More
3 username varchar(20) latin1_swedish_ci No None Change Drop More
4 email varchar(50) latin1_swedish_ci No None Change Drop More
5 password tinytext latin1_swedish_ci No None Change Drop More
6 date int(11)
Thanks Tspesh! good job! I was having the same issue, and also the Firefox Login is not completely working for me as well:
"1.) In Firefox, logging into FB via FB Connect When I log into FB through the CakePHP app, the page refreshes 3 times and appears not to be logged in. Upon a manual refresh after this, I am then completely logged into system. This does not appear to happen in Chrome. IE is an entirely different beast"
I tracked down the requests and what I found that "me" (FB.Me) is not being create on the first firefox redirect, but I don't know how to fix it
Thanks any way. I hope we can find a solution soon
Unfortuantely, for me at least, I'm finding that today this isn't much of a solution either. It works if you log in and log off on the same page, but if I navigate to another page and log out, as soon as I go back to the home page the Auth session is back. It's very odd.
And I've traced the path a bit more...
connect.php, setting "noauth" to true (which disables syncFacebookUser) fixes the logout problem, but this function is also what makes this plugin so useful.
The problem is related to the fbsr_(facebook_app_id) cookie. When I manually delete this cookie from my browser, I am able to logout.
I really wish I was intelligent enough to figure this out. Still no solutions from me...
http://stackoverflow.com/questions/8762756/facebook-fbsr-and-session-wont-delete
I may have found out what's going on here. Until the other night I had not bothered to setup my .htaccess files and both http:/www.example.com and http:/example.com were valid.
In my facebook app, I had set up example.com as a domain and pointed the site URL to www.example.com.
With the fbsr_{app id} cookie, I noticed that it was sometimes on the http://example.com while my cakephp cookies were on www.
I played around with changing the URL in my facebook app (adding www, removing www) and then also started doing the rewrite rules in .htaccess to add or remove www. I just removed the appdomain entirely from my facebook app, forced www. to the domain, and now everything is kosher.
So I think the trick is to
Not have the app domain in the facebook app Fix canonicalization of www via .htaccess This ensures that both the cakephp and the facebook cookies are being saved to the identical domain, and when you logout they are removed from said domain.
Hope this makes sense...
Hi,
I am struggling on this issue too. I digged down to the PHP SDK and it confirms that FB.logout() logs user out but, getUser() in PHP SDK isn't aware of that session. It then logs the user back in to the CakePHP application again after the page refresh.
Just to let you know there is a similar issue people reported to Facebook a few days ago (http://developers.facebook.com/bugs/245362365535898?browse=search_4f0c36373f48b9462057150) and they're working on it with high priority.
Anyway, I will try to implement your solution and will get post back.
Thanks. I tried finding a bug on facebook a few weeks ago to no avail. Glad to see this isn't looking to be Nick's problem. It's odd that the changes I made to the facebook app seem to work fine.
tspesh,
I've tried implementing your solution, but can't seem to get the .htaccess to force www. to the domain. The only thing I seem to be able to force it to do is throw a 500 Internal Server Error. I've tried looking up solutions, but no dice. Here's my app-level htaccess file:
Am I doing something wrong? Do I need to edit the other two .htaccess files? I'm really beating my head against a wall here and would like to spend my time solving other problems. Any help is appreciated.
There are a few .htaccess files, you're editing the wrong one.
Cake-Install -> Not this one App -> Not this one webroot->THIS ONE
I don't think it's related though. I am developing locally at local.example.com and my app domain is set to both example.com and local.example.com and i still can't logout of CakePHP. Weird.
To relate to your domain related fix tspesh, i noticed that setting the App Domain in the FB App Settings always leave the possibility for subdomains. For example setting your App Domain to example.com has FB creating a cookie set on the ".example.com" domain. Could that be related?
For some reason my "fix" is no longer working. I know that there was a related bug floating around Facebook, so hopefully they are working on it.
Not too sure what the problem is here but it has something to do with the FB session data not being unset when the logout mechanism is run. I ended up putting $this->Session->destroy(); in my logout function in my users controller and the login seems to work correctly. Do you think this will mess anything up?
OK, I've finally got a working logout system on my app. I noticed that if I manually reloaded my login page (after disabling the auto redirect), the fbsr cookie would be deleted. Any reload from the controller wouldn't work - the page has to render and the FB helper has to run.
I made a hack in which the login page renders exactly once, and then reloads the login page - and the fbsr cookie was gone.
The exactly once part isn't important. As long as the view renders at least once. I initially redirect to users/login/1 and then have a javascript file that reads if the url has a 1 at the end. If so, it redirects to users/login. Not the proudest moment of my life, but it seems to work for me now. On Jan 17, 2012 7:32 AM, "Abou Kone" < [email protected]> wrote:
csc1cec I don't get what you mean by rendering the page exactly once?
Reply to this email directly or view it on GitHub:
https://github.com/webtechnick/CakePHP-Facebook-Plugin/issues/43#issuecomment-3527780
Thanks C. FB are taking their time with a fix on that? Nobody cares there?
Hi Guys,
It seems to me that Facebook has fixed this issue. Look at this link 'http://developers.facebook.com/bugs/245362365535898?browse=search_4f0c36373f48b9462057150". The ticket status has changed from 'Assigned' to 'Fix Ready' with no details of the fix (strange?). I removed the temporary fix suggested tspesh and I am able to log in and log out with no problem.
humm.. i think Fix Ready state does not mean that the fix has been released yet... I am still having trouble login in and out.
I have FB issues here and there. It am confident to say it isn't stable.
Two things I would like to share:
- PHP SDK has been updated recently. It seems to me that the $FB->getUser() may start to return a correct value. Please note: I haven't pulled yet but as you can see from this commit (https://github.com/facebook/php-sdk/commit/2b19d803635b36d0ad06faac4e253c83dcbf68aa) he fixed the session issue which relates to the logging in and out.
- This may help someone who has similar situation. I use a database session with session name 'CAKEPHP'. After connected with Facebook, it generates another session id with session name 'PHPSESSID'. The problem occurs when I log out from Facebook, it terminates Facebook's session correctly but app's session doesn't get terminated in /users/logout. I fixed this issue by overwriting 'CAKEPHP' session name with 'PHPSESSID'. This way my app and Facebook use the same session and that solves my issue. It works now.
You are totally right, i also noticed the PHPSESSID session cookie. Let me try that because i am still having issue login in and out.
Well Chrome works fine logging in and out, but Firefox is iffy. When i log in, it redirects me to my homepage but it does not recognize a session. If i refresh the page manually then all is kosher.
On a unrelated note, can you check that you are indeed able to hit your callbacks (beforeFacebookLogin and afterFacebookLogin), i am tracking the code in connect.php and on login in with an already existing user, and I am unable to access any of those callbacks...
I'm able to get them. Where are you putting them? I believe they have to be in the app controller which is where mine are and they work fine.
techakone, for the Firefox issue, try to modify facebook.php view helper's init function.
Callback should be:
$callback = "FB.Event.subscribe('auth.login',function(){setTimeout('document.location.reload()',0);});";
This solved my problems. Also check this: http://bugs.developers.facebook.net/show_bug.cgi?id=20499
Thanks Sbacelic, that did actually work! Do any of you know how to retrieve the facebook session value from Session? I check my session and there is a fb_xxxxxxxx_user_id value in session that gets written when logging in with FB. I need to use it to differentiate regular logins from FB ones, i tried session->read("FB.me") but that's tnot it.
In logout.php file (called after FB logout), put these lines of code: session_destroy(); session_start();
any help regarding this issue. I am not able to logoff from facebook. As per all references, My logout functions looks like below. Still not working. Anything else?
if (isset($_COOKIE['fbsr_' . $app_id])) {
setcookie('fbsr_' . $app_id, $_COOKIE['fbsr_' . $app_id], time() - 3600, "/");
setcookie('PHPSESSID', $_COOKIE['PHPSESSID'], time() - 3600, "/");
unset($_COOKIE['fbsr_' . $app_id]);
unset($_COOKIE['PHPSESSID']);
$facebook->destroySession();
// $facebook->clearAllPersistentData(); -> not working because call to protected method
session_destroy();
session_start();
}
I got it fixed. For firefox, just try to delete all session cookies and try again.
@amjithps Wow! Where exactly did you add this code? In plugin's helper file's logout function or somewhere else? Can you post your complete logout function? Thanks!
It is within controller action for logout
function signout()
{
session_destroy();
session_start();
$this->redirect($this->referer());
}
Put this in view file for logout option: $this->Facebook->logout(array('redirect' => array('controller' => 'users', 'action' => 'signout')));
@sacbhatia this is also not working. This is because its not able to clear session and getting on
$this->FB = new FB(); $this->uid = $this->FB->getUser() // code ConnectComponent.php line 79
Any idea to clear this session or to prevent
Thanks
@amjithps I exactly did what @sacbhatia suggested and it worked like a charm.
@smartidiot Did the same thing. When we logout session is getting cleared. But after one navigation/refresh facebook session is back again. not able to logout.
@amjithps No. I tried in both Chrome and Firefox. After logout, refresh has no effect on session .. it's gone. It also logs you out from Facebook.
@smartidiot If we are already logged in facebook on another tab, and try to login from "login with facebook" . then logout. it will not. getting facebook session and logging into the system. This should not be happen. If we logout from the system, then it should not login with facebook session.
Check this https://github.com/webtechnick/CakePHP-Facebook-Plugin/issues/52#issuecomment-4596938
For login issue, replace plugin code with this: <button class="fblogin" value="Login with Facebook" title="fconnect"></button>
And add js for document.ready function:
$('.fblogin').click(function (e) {
e.preventDefault();
try{
FB.login(function(response){
if(response.status=='connected') {
parent.location = ('https:' == document.location.protocol ? 'https://' : 'http://') + 'LOCATION OF fconnect FUNCTION/';
}
}, {scope: "email,user_birthday"});
}catch(error){}
});
As others said before me, it looks like it's the session data that is not being cleared. With CakePHP 2.0 I managed to do this to get it working:
In AppController:
public $components = array(
'Session',
'Auth' => array(
'loginRedirect' => array('controller' => 'photos', 'action' => 'index'),
'logoutRedirect' => array('controller' => 'users', 'action' => 'signout'),
'authorize' => array('Controller')
),
'Facebook.Connect' => array('model' => 'User')
);
In UsersController:
public function logout() {
$this->redirect($this->Auth->logout());
}
public function signout() {
$this->Session->destroy();
$this->redirect(array('controller' => 'photos', 'action' => 'index')); // Wherever I want to be redirected after logout
}
