开发者

CodeIgniter - Is my custom session data being stripped by Facebook?

I'm wondering if there's a way to dump all of the values of

$this->session->userdata() 

so I can troubleshoot?

I'm working within Facebook, and have a login page, and once that's successful I want to pass around the UID of the current user, and I thought this would work well.

I currently have the uid set as follows:

require_once 'facebook.php';
$appapikey = 'XXXX';
$appsecret = 'XXXX';
$facebook = new Facebook($appapikey, $appsecret);
$user_id = $facebook->require_login();
$this->db->like('uid', $user_id);
$this->db->from('users');
$has_signed_up = $this->db->count_all_results();

if ($has_signed_up == 0) {
redirect('/setup/signup/', 'location');
}
else {
$this->session->set_userdata('uid', $user_id);
redirect('/preferences/index/', 'location');
}

So the redirection occurs, and I have a very simple setup over at preferences/index:

    echo "this is the preferences form <br />";
    echo $this->session->userdata('uid');
    echo $this->session->userdata('session_id');

And the result is an inscrutable:

this is the preferences form
858f500e167e359edc1942a96f3bac35

So it totally skips over the middle echo containing the uid. Am I not setting this correctly? Is there a way to dump all values of the session array to see what's getting through? Any help would be just great.

UPDATE

I have run var_dump($this->session->userdata) on each the raw website and through Facebook.

On the website it exposes all set values in an array containing 5 values (session_id, IP, User_agent, last_activity, and uid).

Within the Facebook chrome however, it only shows the 4 values set by CodeIgniter. I've heard cookies can only be 4k and that encryption could be a problem. Could FB be filling up cookies with its own encrypted (read:larger) data?

UPDATE 2

When I comment o开发者_开发百科ut the redirect, and just have:

  else {
  $this->session->set_userdata('uid', $user_id);
  echo ':test_'.$this->session->userdata('uid').'_test:';
  //redirect('/preferences/index/', 'location');
  }

It dutifully returns :test_1234_test: within Facebook. So somewhere during the redirect it's losing this part of the array (but not the whole array).

Is it possibly just creating a new session on the redirect page? So that's why it only has the four "stock" variables? If this is the case, I'll need to research how it creates the sessions, and if Facebook clears cookies I suppose.

UPDATE 3

So I've turned to using a DB to store session information instead of cookies, thinking FB was either stripping them or colliding with them. I currently have the app set up to

  1. Set $user_id = 1234
  2. $this->session->set_userdata('uid', $user_id)
  3. Redirect to the new page
  4. Var_dump all possible information

What occurs in the DB is this: DB records http://nikolausjj.facebook.joyent.us/Picture2.png

So it creates one good record, with the user data, then immediately upon the redirect creates a new session without recognizing the prior one. Can someone explain where the CI framework checks to see if it has a prior session existing? The user manual explains it as "magic" basically.


You can use var_dump() to output the session. Something like this

var_dump($this->session);

The set_userdata call looks ok. Are you sure $user_id is set. Because the echo is surley executed but uid isn't set or set to empty string.

Try replacing the echo with

echo ':test_'.$this->session->userdata('uid').'_test:';

Other information helpful for answering

  • What browser are you using?
  • Do you have an underscore _ in your domain name?
  • Are you using CI sessions or some wrapper for native PHPsessions
  • Is the value for uid also lost/not set when you comment out the redirect?

Other suggestions:

  • try redirect('/preferences/index/', 'refresh'); instead of location
  • I'm not familiar with facebook development but is /preferences/index under your control? If yes try removing (if present) $this->load->library(‘session’) and instead load it in autoload.php.
  • try changing $config[‘sess_match_ip’] to `FALSE
  • try setting $config[‘sess_encrypt_cookie’] to FALSE
  • try replacing the use of CI-Session with CI Native session
  • Is UID sensible information if not store it in a cookie. If it matters if it can be spoofed don't.


I didn't solve how to pass session variables from one page to another via Facebook. My solution was simply to call the Facebook API for the user's UID again on each page. Not great programming, but it works alright for me. :-/

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜