devise_facebook_connectable
devise_facebook_connectable copied to clipboard
grimen
facebook cookie and auto login problems
Something weird is going on, with fb login. Having removed all my cookies and signed out of both the app and fb, I sometimes get signed in automatically without clicking the fb connect button as a user (and when I try and sign out - I get signed in again as an admin o.0 ).
This occurs across many browsers and different computers (all with cookies cleared) - the only thing that i can think of is it might be an issue with all machines having the same IP address, or a bug with FB connect, or a bug in devise/fb_connectable/facebooker.
I will try upgrading to master and report back
Not a an issue for me, but on the other had I'm only having one user model together with a authorization plugin. Would be possible for me to debug if you cold reproduce it in a dummie app.
its a facebooker issue by the looks of it - will make a dummy app, but as well as clear_facebook_session_information I had to do this ::Facebooker::Session.current = nil could it be an issue with Thread.current?
http://github.com/mmangino/facebooker/blob/master/lib/facebooker/session.rb#L93
Solution: we switched to mongrel cluster. passenger and thin still were throwing very weird errors
it's hard to log because it looks like there isnt really an error - its just that the fb session is stored in a thread and is leaking to other connections (therefore you can be logged in as a different user, even without logging in). Its a facebooker issue and I have a +1 on replacing that gem with something else.
Just replying as someone messaged me saying they had the same problem.
Matt
OK, open it up again. I need to review this later on. More of a reminder. Sounds like u say: threading issues with Passenger, etc. I only used it with Mongrel and Heroku so far myself.
note: I did also see this issue albeit not as frequently with thin (in production)
authlogic_facebook_connect seems to have the same issue http://github.com/kalasjocke/authlogic_facebook_connect/issues#issue/12
Probably same as: http://github.com/grimen/devise_facebook_connectable/issues#issue/18
No solution yet.
I am seeing this in mongrel also (get automatically logged in). Hope to dive deeper into it to see what the actual problem is.
I am using 0.1.9. That's the only version that would actually work. If you take master devise with master devise_facebook_connectable all you get is a lot of fail :) I couldn't get any combination of versions to work until I went to the sample app and went off of that.. (it contains devise 1.0.3 and dfc 0.1.9)
I think I tried the various branches that were claimed to be compatible with 2.3. But anyway that's not the point of this discussion, don't want to hijack the thread :)
@skwp: That's an "old" one =) Get the latest (0.2.1) and let me know how it works... http://rubygems.org/gems/devise_facebook_connectable
I just ran into this with facebooker 1.0.55 and devise_facebook_connectable 0.2.1 - Apache/Passenger/Rails 2.3.5 Will try facebooker 1.0.69 and see if it helps.
I just got this problem again with the latest versions of everything. Someone made a purchase which got assigned to a different user account. There is definitely a thread-safety issue here somewhere. Going to take the above advice and switch to oauth2.
Yep, Facebooker has some funky bugs (especially with passenger I noticed). Right now I only use this gem for hobby-sites. :) I need to use it soon though, so new Facebook API might be interesting to implement soon.