开发者

Facebook PHP SDK - Have to reauthenticate during new browser session?

Hopefully this shou开发者_开发知识库ld be quick and easy.

session_start();

include("facebook.php");

$facebook = new Facebook(array(
'appId'=>'xxxxx50274xxxxx',
'secret'=>'xxxxxb932d62fbc6287feb18e5exxxxx',
'cookie'=>true
));

$fbuser = $facebook->getUser();

if (empty($fbuser)){
    $fbloginurl=$facebook->getLoginURL();
    echo "<html><body><a href='$fbloginurl'>Click</a></body></html>
} else {
    die("Authenticated");
}

In this example, the first time I click the link to give permissions to the app to access my FB account, everything works fine. I can keep refreshing the page, and I get the "Authenticated" confirmation.

However, every time I restart the browser (starting a new session), it doesn't authenticate the app automatically and I have to click the link again. Of course as soon as I click the link I am immediately redirected back to the source page and presented with the "Authenticated" confirmation.

Is there any way of not having to click the authentication link during new browser sessions and have it authenticate automatically? I need to do this without a PHP Header directive, as I want the first time the user gives permissions to the app to be triggered by a manual click.

My FB login is persistent ("stay logged in" option is checked).

Thanks a lot for any help.


If I am understanding your scenario correctly (this is not an iframe app, correct?), this is all down to losing the website session cookie when the browser is closed. Once that cookie is gone, there is nothing to identify the user to your server-side code and so no way to know if the user has previously authorized your app.

You need to find a way to persistently identify the user, or at least identify that he has already given permissions. The simplest way would probably be to set your own (permanent) cookie once the user has first authenticated. Then whenever the session cookie is lost, check the presence of the permanent cookie and if it's there, do a PHP redirect to Facebook (which will be invisible to the user). If there is no cookie, present the HTML link to the user like you are doing now.


Comparing it to my code, the only difference I see is that I check to see if $fbuser is valid - if it isn't send me to the login screen. I'm also using top.location.href.

// Login or logout url will be needed depending on current user state.
if ($fbuser) {
        $logoutUrl = $facebook->getLogoutUrl();
       } 
else {
    $loginUrl = $facebook->getLoginUrl(array('scope' => 'publish_actions', 'canvas' => 1, 'fbconnect' => 0, 'redirect_uri'=>config_item('facebook_url').$pf));
    echo "<html><body><script> top.location.href='" . $loginUrl . "'</script></body></html>";
    exit(0);
     }

Hope that helps.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜