Facebook api('/me','GET') returns the user data even after logout

Question

In my current project, I am using api('/me','GET') to retrieve the user data of the current logged in user. I have a sync option of my project to the Facebook user, I could also deactivate the sync, the problem is even I logged out my Facebook and change the Facebook user and sync again, it still returns the previous user data.

Here's a snippet of the code:

$user_profile = $facebook->api('/me','GET');

$fname = $user_profile["first_name"];

I am using $fname to display the first name of the Facebook user once synced, the scenario is:

*My project is now synced to my Facebook user, I then logout my Facebook and resync my project. Yet it displays the first name of the previous user I was on.

I can't seem to understand why it retains the user data of the previous user, the only time it syncs with the new Facebook user is when I logout and re-login my website project. I'm using the PHP SDK by the way.

Answer 1

That's probably because the access_token is still valid. The token is usually held inside a cookie, so even though the user is logged out of Facebook, this cookie remain available and the token stay valid as it is not linked to the user being logged in or out of Facebook, but with your application until it expires.

So, you can delete the cookie manually so your app can't access it after user logout. Or you could invalidate the access token by sending a DELETE request to ’/me/permissions`.

I'm not 100% sure, but that this process is automatic when using the JS SDK.