Reputation: 14475
Where to find the Facebook cookie?
I'm kinda new to this so bear with me. I've installed a "Login with Facebook" button via the Javascript SDK, which works fine. I've also set up the PHP code (facebook.php) I can login successfully to Facebook via javascript but then can't access the UID from the session via php. So, how can I get php to access the session javascript sets? thanks
Edit: (Posting code from below here so it'll be easier to read)
I can console log the response and see it.
FB.getLoginStatus(function(response) {
console.log(response.session.uid);
});
Refresh the page, and try to access the session that was set via php, it comes up null.
require_once(RELATIVE_PATH.'applibs/facebook.php');
$config = array('appId'=>Config::$fb_app_id, 'secret'=>Config::$fb_secret, 'cookie'=>true);
$fb = new Facebook($config);
$fb->getUser(); // this will equal null because the $fb object isnt finding the cookie supposedly set by javascript
* Did some debugging in the facebook.php
on line 358...
$cookieName = $this->getSessionCookieName();
// retuns fbs_myNumericAppId, seems like that worked..
if (isset($_COOKIE[$cookieName])) {
// FAILS! there is no $_COOKIE['fbs_myNumericAppId']
That seems logical as how could logging into facebook.com know what my app ID is?
I also noticed after logging into facebook.com, there's NOTHING facebook related in $_COOKIE.
So, in order to log into facebook via facebook.com, then have a website notice that login, you have to run FB.login on a page load.
Then you have to set a cookie via the javacript info returned into $_COOKIE so the php can pick it up anywhere else.
Upvotes: 3
Views: 25095
Answers (1)
Reputation: 218877
I happen to have a blog post and some previous answers that may be of use to you as reference points.
Have you registered your site on Facebook as an "application"? If not, you'll need to do that. The cookie which Facebook sets that allows your site to access a user's information (once they've agreed to give your "application" access) uses a combination of your application's ID and "secret" (a long alphanumeric string that you must not share, or other applications would be able to impersonate yours) to set an encrypted value with the user's ID and an authentication token unique to the user and your application (representing the permission they've given you to their data).
The cookie is posted to your site alongside requests like any other cookie. You'd use your application's secret to decrypt it and extract the user's ID and authentication token, which you would then use to access data via Facebook's graph API.
Upvotes: 4
Related Questions
- Fail to retrieve facebook cookie with SDK v5
- Parsing the fbsr_cookie
- How to know if a user has a facebook account?
- How to get facebook cookie? (javascript)
- Facebook Cookie
- Where the session begins in Facebook authentication?
- Where is documentation for the format of the Facebook cookie?
- Facebook "fbs_APP_ID" cookie issues
- Update cookies for Facebook connect based site?
- Facebook connect and third-party cookies?