Possible to find out whether a user is logged into facebook over javascript API?
This question is not a duplicate of this one.
I don't want to know whether the user has authorized my application, but if the user is logged into facebook (completely independed from my application).
The reason is that I want to pring user comments in my html code so that search engines can index them.
When a user is logged into facebook I want to replace the html code with the facebook comments snippet.
If not an alternative old school comment form should be displayed.
I would pull the comments regularely from the graph api to have them in my database and comments that are done using the classic form should be posted over the api (not necessarily as the user, cou开发者_开发知识库ld be an admin account...) to have all the data synchronized.
I looked at the Javascript SDK Docs, also found the function getloginstatus but the documentations are bad and not conclusive. I know that there are also often features available at facebook codes that are not documented or implemented in higher level apis.
My questions are:
Can I somehow find out if a user is logged into facebook?
Can I somehow have a callback or notification of posted comments, so I can trigger synchronization to my database or do I have to "crawl" the graph api on a regular basis?
There is a non-hack, officially-supported way of doing this for Facebook (I think the last version of the docs was clearer on this point). Using the Javascript SDK, you can do:
<div id="fb-root"></div>
<script>
window.fbAsyncInit = function() {
FB.init({appId: 'YOUR APP ID', status: true, cookie: true,
xfbml: true});
FB.getLoginStatus(function(o) {
if (!o && o.status) return;
if (o.status == 'connected') {
// USER IS LOGGED IN AND HAS AUTHORIZED APP
} else if (o.status == 'not_authorized') {
// USER IS LOGGED IN TO FACEBOOK (BUT HASN'T AUTHORIZED YOUR APP YET)
} else {
// USER NOT CURRENTLY LOGGED IN TO FACEBOOK
}
});
};
(function() {
var e = document.createElement('script'); e.async = true;
e.src = document.location.protocol +
'//connect.facebook.net/en_US/all.js';
document.getElementById('fb-root').appendChild(e);
}());
</script>
An aside: if XAuth had caught on, it would be possible to do this in a more universal and supported way for any site supporting that standard.
This article
https://grepular.com/Abusing_HTTP_Status_Codes_to_Expose_Private_Information
identifies security risks in Google and Facebook that will allow you to determine if a user is logged in. While no official API exists to check if a user is logged in without that user giving you express permission to access this information, the above article shows how you can 'guess' if a user is logged in or not.
Note: The article identifies a 'hack' and so is not guaranteed to work in the future, if or when Google & Facebook identify these security risks.
I also ran into similar requirements and solved my problem with following code; Using the Javascript SDK, I used FB object. FB is a facebook object, it has property called _userStatus, this can be used like following.
if(FB._userStatus == "connected")
{
// USER IS LOGGED IN AND HAS AUTHORIZED APP
}
else if(FB._userStatus == "notConnected"){
// USER IS LOGGED IN TO FACEBOOK (BUT HASN'T AUTHORIZED YOUR APP YET)
}
else if(FB._userStatus == "unknown")
{
// USER NOT CURRENTLY LOGGED IN TO FACEBOOK
}
The above code is very useful. It can be used in any part of the page as long FB object is not null.
精彩评论