For some reason, no matter what I do, this is always returning a valid ID and Facebook information. To log out, I am using Facebook.Logout, then redirecting to a page where I clear ALL cookies, including the "fbsr_" ones. I even logged out of Facebook manually and it is still returning a valid ID! This is for a Facebook Connect application. Here is my app code:
    $uid = $facebook->getUser();
    if ($uid) {
        try {
            // "." concatenates strings in PHP; "+" is arithmetic.
            $me = $facebook->api('/' . $uid);
        } catch (FacebookApiException $e) {
            echo $e;
            error_log($e);
            $uid = NULL;
        }
    }
Then my PHP logout code:
    $app_id = "XXXX";
    session_name('QEW');
    session_start();
    session_regenerate_id(true);
    session_unset();
    session_destroy();
    $facebook->destroySession();
    if (isset($_COOKIE['fbsr_' . $app_id]))
    {
        setcookie('fbsr_' . $app_id, $_COOKIE['fbsr_' . $app_id], time() - 3600, "/");
        setcookie('PHPSESSID', $_COOKIE['PHPSESSID'], time() - 3600, "/");
        unset($_COOKIE['fbsr_' . $app_id]);
        unset($_COOKIE['PHPSESSID']);
    }
EDIT: My JavaScript code:
    window.fbAsyncInit = function() {
        FB.init({
            appId:'XXX', cookie:true,
            status:true, xfbml:true, oauth:true,
            channelURL:'~~.com/channel.html'
        });
    };
    (function() {
        var e = document.createElement('script');
        e.async = true;
        e.src = document.location.protocol + '//connect.facebook.net/en_US/all.js';
        document.getElementById('fb-root').appendChild(e);
    }());
    function login(io)
    {
        FB.getLoginStatus(function(response)
        {
            if (response.status == 'connected')
            {
                if (io == 1)
                {
                    FB.login(function(response)
                    {
                        if (response.authResponse)
                        {
                            cU(response.authResponse.userID);
                        }
                    }, {scope:'email'});
                }
                else
                {
                    FB.logout(function(response){});
                    window.location = "./logout.php";
                }
            }
            else
            {
                FB.login(function(response)
                {
                    if (response.authResponse)
                    {
                        cU(response.authResponse.userID);
                    }
                }, {scope:'email'});
            }
        });
    }
Then, after "logging out", I go to another page that calls the first block of code again, and it just repopulates the cookies because it gets a valid user ID back. How can I fix this? Thanks.
You delete the cookie with PHP. After that, on the next request, the JS API restores it.
The only valid way to log out from Facebook is to redirect the user to the logout URL:
    echo $facebook->getLogoutUrl();
or to do the same from the client JS API: FB.logout();
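The client-side ordering this answer implies, as an added example that is not part of the original question or answer: the redirect to `./logout.php` is issued from the `FB.logout` callback, so the local session is cleared only after the Facebook session has ended. `logoutThenRedirect`, `navigate`, `makeStubSdk` and `demo` are hypothetical names, and the stub SDK is constructed so the ordering can be run offline.

```javascript
// Added example, not code from the post. `fb` is the Facebook JS SDK object
// (window.FB in the page); `navigate` and `logoutUrl` are assumed parameters.
function logoutThenRedirect(fb, navigate, logoutUrl) {
  fb.getLoginStatus(function (response) {
    if (response.status !== 'connected') {
      // No Facebook session for this app; only the local session is left.
      navigate(logoutUrl);
      return;
    }
    // FB.logout is asynchronous: redirect from its callback, so the server
    // page clears the local session only after Facebook has ended its own.
    fb.logout(function () {
      navigate(logoutUrl);
    });
  });
}

// Constructed stand-in for the SDK so the ordering can be checked offline.
// Callbacks are queued and run on flush(), imitating network latency.
function makeStubSdk(initialStatus) {
  const sdk = {
    status: initialStatus,
    events: [],
    pending: [],
    getLoginStatus(cb) {
      sdk.pending.push(() => cb({ status: sdk.status }));
    },
    logout(cb) {
      sdk.events.push('logout-requested');
      sdk.pending.push(() => {
        sdk.status = 'unknown';
        sdk.events.push('logout-completed');
        cb({ status: sdk.status });
      });
    },
    flush() {
      while (sdk.pending.length) sdk.pending.shift()();
    },
  };
  return sdk;
}

// Runs the flow against the stub and returns the recorded event order.
function demo(initialStatus) {
  const sdk = makeStubSdk(initialStatus);
  logoutThenRedirect(sdk, (url) => sdk.events.push('navigate:' + url), './logout.php');
  sdk.flush();
  return sdk.events;
}
```

In the page itself, the call would be `logoutThenRedirect(FB, function (url) { window.location = url; }, './logout.php')`.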