Getting the facebook session at the server side if we login using JS SDK

Question

Friends,

I have set up a facebook login for my website using JS SDK.

1. If the use is logged in through JS SDK, should we cross verify whether the session

Answer 1

The php sdk and the javascript are the completely opposite, of what Julian H. Lam said, in fact they were build to be used together.

On the php sdk documentation you can find this:

Integration with the Facebook SDK for JavaScript

Used in conjunction with the Facebook SDK for JavaScript, the PHP SDK can share user sessions seamlessly across the client and server. If a user is logged in with Facebook and has authorized your app, the JavaScript SDK can pick up the user session persist this in a cookie which, which the PHP SDK reads without any intervention on the developer's part.

To enable this functionality, ensure that when you embed and initialise the JS SDK, you set both the status and the cookie parameters of the object passed to FB.init() to true.

And by using basic logic this makes all sense, on the client side you can create listeners to retrieve user status(if he's logged in, if he has granted permissions, if he has logout), doing this kind of actions on the server side doesn't make any sense at all.

So my advice for you is to use Javascript SDK to handle user events, like the ones I mentioned before, and to handle the responses from the actions of the users, like when the user does a like, or shares a post using the feed dialogue, etc. With the php SDK you just check if you have a valid user, since you're sharing the same cookie for the client side and for the server side after you handle the login proccess with the javascript SDK, if you do this $fb_id = $facebook->getUser() (after initializing the PHP SDK of course), you'll get the user facebook id, now that you know you have a valid user, you can use the PHP SDK to query information about the user, post on user behalf, etc.

Here's an example of a proper loading of the javascript SDK with cookie support:

And this is a simple code on the server side just to enlighten you:

require_once("facebook.php");

$config = array();
$config[‘appId’] = 'YOUR_APP_ID';
$config[‘secret’] = 'YOUR_APP_SECRET';
$config[‘fileUpload’] = false; // optional

$facebook = new Facebook($config);
try {
    $user_profile = $facebook->api('/me','GET');
    $user_name = $user_profile['name'];
    $user_email = $user_profile['email'];

} catch(FacebookApiException $e) {
    // If the user is logged out, you can have a 
    // user ID even though the access token is invalid.
    // In this case, we'll get an exception, so we'll
    // just ask the user to login again here.
}

PS: this server side code, only works if the user has already granted permissions with the scope email