Delete facebook session cookie from my application on users logout

Question

I am working in an application which is using facebook connect to log in the users using their facebook account.

Everything works fine except in the following case:<

Answer 1

Make sure to use the following code:

$params = array( 'next' => 'https://yourUrl/logout' );
        $data['logoutUrl'] = $this->facebook->getLogoutUrl($params);

to redirect the page to a logout controller or a page and then kill the sessions on that page.

Answer 2

In the current version of the Facebook SDK you need to use

$fb_key = 'fbsr_'.$facebookConfig['app_id'];
setcookie($fb_key, '', time()-3600);
$facebook->destroySession();

I tried clearing out the cookies and the session manually, and it still didn't work for some reason (see Facebook PHP: After user logs out of facebook, they can't login to my app with another user). Using the above solution was what worked in the end.

Answer 3

For some reason you can't delete the cookie, even though you obviously have permission to read it (because you had to read the access_token).

But anyhow: This issue just comes up on localhost. On your Server you shouldn't run into the issue! The cookie also doesn't get deleted on your server, but it is not recognized as a valid access_token, when you try to login again.

Answer 4

I had the same problem and neither of the solutions i came up in the web worked for me. Then suddenly another app with the same code worked fine, so i checked the advanced settings in the app and it worked when i changed: OAuth 2.0 for Canvas ENABLED, Timezone-less events ENABLED and Upgrade to Requests 2.0 ENABLED

Hope it helps

Answer 5

As you said ;) it's about the cookie your local script sets, not one on Facebook.com, so your question is legit.

I run into the same issue here. The PHPSDK does not give you the possibility to delete the cookie. So either you have to run the whole session without cookie:

$facebook = new Facebook(array(
    'appId'  => FB_APPID,
    'secret' => FB_APPSECRET,
    'cookie' => false,
));

or you redirect the user to the logout URL at facebook:

header('Location: ' . $facebook->getLogoutUrl(array('next'=>URL_AFTER_LOGOUT))');

The only problem seems to be that the user is logged out from Facebook too.

If you can use Javascript try this:

<script src="http://connect.facebook.net/en_US/all.js"></script>
<script>
 FB.init({appId: '<?php echo FB_APPID;?>', status: true, cookie: true, xfbml: true});
 FB.Event.subscribe('auth.logout', function(response) {
    window.location.href='YOUR_LOCAL_LOGOUTSCRIPT';
 });
</script>

Answer 6

I was having trouble with this too, and contrary to Efazati's answer, my trouble was with cookies set on my own domain by the Facebook php api library. The thing that I was overlooking was when deleting the cookie, using the exact domain and path that the cookie was set with. This is the line that successfully deleted the cookie for me.

setcookie("fbs_" . $app_id, '', time()-3600, "/", ".mydomain.com");

tgriesser's comment was also helpful.