Facebook getUser() function returning user ID after logout

Question

I\'m developing using the Facebook PHP SDK.

I wanted to make it so that when the user logs out of Facebook, they will automatically be logged out of my website too.<

Answer 1

I have the same issue!

The FB PHP SDK saves those things into the $_SESSION! You can delete them like this when your user clicks logout:

$_SESSION['fb_'.APP_ID.'_user_id'] = '';
$_SESSION['fb_'.APP_ID.'_access_token'] = '';

Although this is not the final solution, it works for now.

I appreciate comments and solutions on that!

Answer 2

I want to give an alternative, in a way you don't have to handle session stuff. Although, I must warn you this is slower than cleaning up the session, because it relies on a new request. What we're doing in the code below is to check on Facebook if the token is still valid. Here it's:

try {
    $facebook->api('/me','GET');
    $logged = true;
} catch(FacebookApiException $e) {
    $logged = false;
}

In my case, I was doing everything using the JavaScript SDK, so I couldn't clean session on logout. But in my landing page, I was needing a work around to check it before send the response back.

If you're facing something like this, definitely a good solution.

Answer 3

The problem seems to be in php-sdk in basefacebook.php at line 567

         protected function getSignedRequestCookieName() {
         return 'fbsr'.$this->getAppId();}

This method returns the name of the cookie the sdk is looking for. However, javascript-sdk uses 'fbs_' prefix. Change this to 'fbs_' and it works fine.

return 'fbs'.$this->getAppId();}

Answer 4

$facebook->destroySession();

Answer 5

To destroy the session you can also use: $facebook->destroySession();