CODEWITHSUNDEEP
phpfacebookfacebook-php-sdk
Moshe Shaham
Moshe Shaham

Reputation: 15984

Facebook connect php - staying logged in

I'm trying to use facebook connect with php, and it's important that the user will stay logged in to my site even after the session is destroyed.

I've run the with_js_sdk.php example from the SDK. In this case the user has to log in again on every session. with the example.php method it doesn't happen, and the user stays forever logged in.

I would like to ask why is that? and is it possible to have the first method make the user always logged in?

By the way, I think i need the PHP + JS combo because I don't want a page refresh on login. Is it true?

Thank you...

Upvotes: 1

Views: 692

Answers (1)

Robbie
Robbie

Reputation: 17720

Both examples should leave the user logged in. The necessary login data is stored in a cookie and re-used.

What might be the problem: I have found that the "$user = $facebook->getUser();" call sometimes fails even through the user is logged in. My advice is not to rely on that call, but skip to the try/catch block below, and set the user from there.

try { $user_profile = $facebook->api('/me'); $user = $user_profile['user_id']; } catch (FacebookApiException $e) { $user_profile = false; $user = null; }

As this appears more reliable.

Failing that, you can control it all yourself. Steps are:

  1. Tell Javascript not to use cookies
  2. Log the user in and use the "getAccessToken" function to get the access token of a logged in user. Store that in a cookie of your own name/duration.
  3. Next time a page loads, check for the access token cookie you created, and use "setAccessToken" and then folow the same try/catch block. If the user return invalid, then clear your own cookie as that means the accesstoken has been invalidated by the user.

You shouldn't need this last approach (unless sharing tokens between sessions/devices, or desiring offline access) as that's exactly what the facebook SDK does - but it does help you control and understand hte process more.

Finally, you can do all of the login / getAccessToken / store cookie method though JavaScript, thus logging the user in and remembering it without refreshing the page. Just check the appropriate action on auth.login to remember the cookie and change page contents - don;t reload the page.

The cookie will be read by PHP next time the user refreshes the page / returns to the site. Remember to clear the cookie on logout.

So you can do what you want, yes.

Upvotes: 1

Related Questions