问题
I am facing a very strange issue. I have developed a Facebook iframe application almost a year back. I am using facebook-php-sdk for getting logged in user session and other details. I recently made some changes and used the new facebook OAuth based API. But I am now facing a problem, when user logs out from Facebook, still my iframe app is able to access its facebook session. The problem is only reproducible in IE.
I am using CodeIgniter framework and have referred this post. Here is the code snippet:
$this->facebook = new Facebook(array( 'appId' => $this->appId, 'secret' => $this->secretKey, 'cookie' => true, ));
$this->session = $this->facebook->getSession();
var_dump($this->session);
In output I get all the valid session values even after user is logged out. After trying many things, I created a new facebook application andd pointed the URLs to my same code. I modified the code and used AppId, Appkey and AppSecret provided by this new facebook app. Everything works fine now.
The settings in both facebook apps are absolutely same. The only change is the appURL and keys. This is strange behavior, and not an acceptable solution for me. I want my old facebook app to work with new Facebook API. why this is happening? Any idea?
回答1:
I had the same problem, and to fix this I had to manually destroy the facebook cookie (which contains the access token)
SO:
add:
$_COOKIE["fbs_" . $this->appId] = null;
before:
$this->facebook = new Facebook(...
so each time it creates a new facebook class it destroys the cookie form the old session first.
来源:https://stackoverflow.com/questions/4650805/session-does-not-invalidating-in-old-facebook-iframe-app