Facebook PHP SDK - will not logout properly

Question

I've been searching for hours for the solution to this problem but can't find one that works for me. When i click "Logout" on my site the user information is still visible and the logout button is still displayed. Here is the code:

require 'facebook-php-sdk/src/facebook.php';

$facebook = new Facebook(array(
  'appId'  => 'xxxx',
  'secret' => 'xxxx',
));

// Get User ID
$user = $facebook->getUser();
var_dump($user);
if ($user) {
  try {
    // Proceed knowing you have a logged in user who's authenticated.
    $user_profile = $facebook->api('/me');
  } catch (FacebookApiException $e) {
    error_log($e);
    $user = null;
  }
}

// Login or logout url will be needed depending on current user state.

if ($_GET['logout'] == "yes") {
setcookie('fbs_'.$facebook->getAppId(), '', time()-100, '/', 'http://gno.....ment/index.php');
session_destroy();
header("Location: ".$_SERVER['PHP_SELF']."");
}

if ($user_profile) {
  $logoutUrl = $facebook->getLogoutUrl;
} else {
  $loginUrl = $facebook->getLoginUrl(array('scope' => 'email,publish_stream,user_status',
  'canvas' => 1,
  'fbconnect' => 0,
  'redirect_uri' => 'http://gno.....ment/index.php'));
}

..... .....

<?php if ($user): ?>
<h3>You</h3>
<img src="https://graph.facebook.com/<?php echo $user; ?>/picture">

<h3>Your User Object (/me)</h3>
<pre><?php print_r($user_profile); ?></pre>
<?php else: ?>
<strong><em>You are not Connected.</em></strong>
<?php endif ?>

<?php if ($user): ?>
<a href="<?php echo $logoutUrl; ?>">Logout of FB</a>
<?php else: ?>
<div>
Login using OAuth 2.0 handled by the PHP SDK:
<a href="<?php echo $loginUrl; ?>">Login with Facebook</a>
</div>
<?php endif ?>

It seems that if ($_GET['logout'] == "yes") might be the answer for me but i can't get it working. I don't know where logout is gotten from or where it is defined?

This seems to be a common issue but i can't figure it out. I'd really appreciate some help.

Answer 1

Doing it with PHP SDK is really easy, the documentation is just really awfull. You do not need to redirect to Facebook. You just have to clear the session that the Facebook class sets, there is a function for that in the Facebook base class called destroySession(). Here I'm doing it on a get.

require_once('libs/facebook.php');

$facebook = new Facebook(array(
    'appId'  => 'xxxxxx',
    'secret' => 'xxxxxx'
)); 

$facebook->destroySession();

The $facebook->getLogoutUrl() logs the user out of Facebook.

Answer 2

Because I still have PHP 5.3 at my CentOS 6.7 server in year 2016 and don't want to take the hassle of upgrading the PHP version - I still use the old facebookarchive/facebook-php-sdk instead of the newer facebook/facebook-php-sdk-v4 library.

And here is how I handle the logout in my app:

<?php

require_once('facebook-php-sdk-3.2.3/src/facebook.php');

const TITLE      = 'My amazing app';
const REDIRECT   = 'https://example.com/myapp/';

#Facebook::$CURL_OPTS[CURLOPT_SSL_VERIFYPEER] = false;
#Facebook::$CURL_OPTS[CURLOPT_SSL_VERIFYHOST] = 2;

$client = new Facebook(array(
        'appId'  => REPLACE_ME,
        'secret' => REPLACE_ME,
));

if (isset($_REQUEST['logout'])) {
        $client->destroySession();
        header('Location: ' . REDIRECT);
        exit(0);
}

if ($client->getUser()) {
        try {
                $me = $client->api('/me?fields=id,first_name,gender');
                $body = '<PRE>' . print_r($me, TRUE) . '</PRE>';
        } catch (FacebookApiException $ex) {
                error_log($ex);
                $body = '<PRE>' . htmlspecialchars($e->getMessage()) . '</PRE>';
        }
} else {
        $body = sprintf('<P><A HREF="%s">Login</A></P>', $client->getLoginUrl());
}

?>

<!DOCTYPE HTML>
<HTML>
<HEAD>
        <TITLE><?= TITLE ?></TITLE>
</HEAD>
<BODY>
        <?= $body ?>
        <P><A HREF="<?= REDIRECT ?>?logout">Logout</A></P>
</BODY>
</HTML>

Do not forget to -

1. Get web client id and secret at Facebook console
2. Authorize the https://example.com/myapp/ at the same place

Answer 3

Had some kind of similar trouble with that. Even

$facebook->destroySession();

didn't work properly until I removed

$facebook->getLogoutUrl();

call completely. getLogOutUrl() added some parameter that conflicted later with my .htaccess and led to *"mod_fcgid: stderr: CSRF state token does not match one provided"* error.

Answer 4

I was able do logout the user from my app using:

$facebook->destroySession();

The

$facebook->getLogoutUrl();

makes the user be logged out from facebook, not from your app.

Answer 5

Here is how I logout using the latest PHP-SDK:

login.php

require_once("php-sdk/facebook.php");

// Create our Application instance (replace this with your appId and secret).
$facebook = new Facebook(array(
  'appId'  => 'xxx',
  'secret' => 'xxx',
));

// Get User ID
$user = $facebook->getUser();

// We may or may not have this data based on whether the user is logged in.
//
// If we have a $user id here, it means we know the user is logged into
// Facebook, but we don't know if the access token is valid. An access
// token is invalid if the user logged out of Facebook.

if ($user) {
  try {
    // Proceed knowing you have a logged in user who's authenticated.
    $user_profile = $facebook->api('/me');
  } catch (FacebookApiException $e) {
    error_log($e);
    $user = null;
  }
}

// Login or logout url will be needed depending on current user state.
if ($user) {
    $logout_params = array('next'=>'http://www.pittsburghpartycentral.com/logout.php');
  $logoutUrl = $facebook->getLogoutUrl($logout_params);
} else {
    $login_params = array(
                        'scope' => 'email',
                        'display' => 'popup'
                        );
  $loginUrl = $facebook->getLoginUrl($login_params);
}

// This call will always work since we are fetching public data.
$naitik = $facebook->api('/naitik');

?>
<!doctype html>
<html xmlns:fb="http://www.facebook.com/2008/fbml">
  <head>
    <title>php-sdk</title>
    <style>
      body {
        font-family: 'Lucida Grande', Verdana, Arial, sans-serif;
      }
      h1 a {
        text-decoration: none;
        color: #3b5998;
      }
      h1 a:hover {
        text-decoration: underline;
      }
    </style>
  </head>
  <body>
    <h1>php-sdk</h1>
    <?php if ($user): ?>
      <a href="<?php echo $logoutUrl; ?>">Logout (<?php echo $user_profile[first_name]; ?>)</a>
    <?php else: ?>
      <div>
        Login using OAuth 2.0 handled by the PHP SDK:
        <a href="<?php echo $loginUrl; ?>" onclick="javascript:void window.open('<?php echo $loginUrl; ?>','fb_popup','width=600,height=300,toolbar=0,menubar=0,location=0,status=0,scrollbars=0,resizable=0,left=0,top=0');return false;">Login with Facebook</a>
      </div>
    <?php endif ?>

    <h3>PHP Session</h3>
    <pre><?php print_r($_SESSION); ?></pre>

    <?php if ($user): ?>
      <h3>You</h3>
      <img src="https://graph.facebook.com/<?php echo $user; ?>/picture">

      <h3>Your User Object (/me)</h3>
      <pre><?php print_r($user_profile); ?></pre>
    <?php else: ?>
      <strong><em>You are not Connected.</em></strong>
    <?php endif ?>

    <h3>Public profile of Naitik</h3>
    <img src="https://graph.facebook.com/naitik/picture">
    <?php echo $naitik['name']; ?>
  </body>
</html>

logout.php

<?php 
    session_start();            //start session
    $_SESSION = array();    //clear session array
    session_destroy();      //destroy session
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Log Out</title>
</head>

<body>
<p>You have successfully logged out!</p>
<p>Return to the <a href="connect.php">connect</a> page</p>

</body>
</html>

Answer 6

To answer directly to your question

... I don't know where logout is gotten from or where it is defined?

When you create your logout url, add additional parameter 'logout'

$logoutUrl = $facebook->getLogoutUrl(array(
    'next'=>'http://yourdomain.com/facebook-test-search.php?logout=yes'
));

Then in your script, you clear session and cookies when isset($_GET['logout'])

Answer 7

You can solve this problem by specifying external logout problem. You can have a look at here

for detail information. It is a good tutorial for this problem.

Hope this helps

Answer 8

I remember this was a huge pain in one of my apps. It seems that finally what seemed to work was:

jQuery(function() {
   /* ... */
   FB.logout();
   window.location = 'some url';
});

I should be about the same without jQuery (just run FB.logout() at page load). AFAIR I just could not get this to work on the server-side in PHP. Hope it helps :).