How to Properly Handle Session and Access Token with Facebook PHP Sdk 3.0

How to properly handle session and access token with Facebook PHP SDK 3.0?

My solution

Well, since everything I did was just a workaround until the new JS SDK comes out, there seems to be no best practice. Setting session.use_trans_sid to 1 and adding the P3P header helped to overcome IE iFrame cookie issues (see my first edit). After a few days of heavy debugging I found out that FB.ui's permission_request does not send a new access token every time (<5%).

If this happens, something went wrong. But this little something is driving me crazy. Since this happens infrequently, I can bear redirecting users back to the facebook tab to get a new signed request. With the new JS SDK, hopefully, this won't happen anymore.

Update: final solution

There was one little thing I have overlooked, and the solution can be found here: FB is not defined problem

I did not load the JS SDK asynchronously! This explains everything. Sometimes the all.js file was not loaded fast enough, so there was a JS error. Due to that, neither the permission dialog nor the JS validation worked and an empty #session input value was sent.
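The signed request mentioned above carries the user ID and access token to the PHP side as `signature.payload`, and the empty value posted when the JS failed to load is exactly what a server-side check should reject. The following is an added example, not part of the original answer or the SDK's own code; the secret, the sample payload, the function names and the `$maxAge` freshness window are assumptions.

```php
<?php
// Added example, not from the original answers. Requires PHP 5.6+ (hash_equals).
// APP_SECRET and the sample payload are constructed values for the demo.
const APP_SECRET = 'constructed-demo-secret';

function b64url_decode($s) {
    // signed_request uses URL-safe base64 without padding; restore it first.
    $s = strtr($s, '-_', '+/');
    return base64_decode(str_pad($s, strlen($s) + (4 - strlen($s) % 4) % 4, '='), true);
}

function b64url_encode($bytes) { return rtrim(strtr(base64_encode($bytes), '+/', '-_'), '='); }

// Returns the decoded payload, or null if the value must not be trusted.
// $maxAge (seconds) is an assumed freshness policy, not a Facebook rule.
function verify_signed_request($signedRequest, $secret, $maxAge = 3600) {
    if (!is_string($signedRequest) || substr_count($signedRequest, '.') !== 1) {
        return null;                       // empty or malformed POST value
    }
    list($encSig, $encPayload) = explode('.', $signedRequest);
    $sig  = b64url_decode($encSig);
    $data = json_decode((string) b64url_decode($encPayload), true);
    if ($sig === false || !is_array($data)) {
        return null;
    }
    // Pin the algorithm instead of letting the payload choose it.
    if (!isset($data['algorithm']) || strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
        return null;
    }
    // The MAC covers the encoded payload string; compare in constant time.
    $expected = hash_hmac('sha256', $encPayload, $secret, true);
    if (!hash_equals($expected, $sig)) {
        return null;
    }
    if (!isset($data['issued_at']) || abs(time() - (int) $data['issued_at']) > $maxAge) {
        return null;                       // stale request; limits the replay window
    }
    return $data;
}

// Constructed sample: a valid request, then the same signature over a swapped user_id.
$payload = b64url_encode(json_encode(array('algorithm' => 'HMAC-SHA256',
    'issued_at' => time(), 'user_id' => '1000001', 'oauth_token' => 'SAMPLE_TOKEN')));
$valid  = b64url_encode(hash_hmac('sha256', $payload, APP_SECRET, true)) . '.' . $payload;
$forged = explode('.', $valid)[0] . '.' . b64url_encode(json_encode(array(
    'algorithm' => 'HMAC-SHA256', 'issued_at' => time(), 'user_id' => '1000002')));
var_dump(verify_signed_request($valid, APP_SECRET) !== null);
var_dump(verify_signed_request($forged, APP_SECRET) === null);
```

Only take `user_id` and `oauth_token` from the array this function returns, never from other request fields sent alongside it.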

How to login with OFFLINE_ACCESS using the new Facebook PHP SDK 3.0.0?

With the Facebook PHP SDK v3 (see on github), it is pretty simple. To log someone in with the offline_access permission, you ask for it when you generate the login URL. Here is how you do that.

Get the offline access token

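First you check if the user is logged in or not:

require "facebook.php";

// YOUR_APP_ID and YOUR_APP_SECRET are placeholders for your app's credentials
$facebook = new Facebook(array(
    'appId'  => YOUR_APP_ID,
    'secret' => YOUR_APP_SECRET,
));

// Returns the Facebook user ID, or 0 if nobody is logged in
$user = $facebook->getUser();

if ($user) {
    try {
        // Confirm the stored token still works by making a real API call
        $user_profile = $facebook->api('/me');
    } catch (FacebookApiException $e) {
        // The access token we have is not valid
        $user = null;
    }
}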

If he is not, you generate the "Login with Facebook" URL asking for the offline_access permission:

if (!$user) {
    // Request the offline_access permission in the login dialog
    $args = array('scope' => 'offline_access');
    $loginUrl = $facebook->getLoginUrl($args);
}

And then display the link in your template:

<?php if (!$user): ?>
    <a href="<?php echo htmlspecialchars($loginUrl, ENT_QUOTES, 'UTF-8') ?>">Login with Facebook</a>
<?php endif ?>

Then you can retrieve the offline access token and store it. To get it, call:

$facebook->getAccessToken()

Use the offline access token

To use the offline access token when the user is not logged in:

require "facebook.php";
$facebook = new Facebook(array(
    'appId'  => YOUR_APP_ID,
    'secret' => YOUR_APP_SECRET,
));

$facebook->setAccessToken("...");

And now you can make API calls for this user:

$user_profile = $facebook->api('/me');

Hope that helps!

Handling Facebook SDK 3.0 Session lifecycle in Android

First a comment about your code: you don't need to do the if (myPreferences.getFacebookToken) block at all. The SDK already stores the access token for you, and will use the stored data if it's available. You don't need to explicitly pass it to the Session.

Now, onto answering your question. Calling openActiveSessionFromCache is pretty much exactly what you're looking for. If the user has previously authorized with Facebook, and you haven't called closeAndClearTokenInformation, then calling openActiveSessionFromCache will log them in quietly. So if you get a non-null Session from that call, then you know they're a Facebook user, and they've already authorized your app. If you get a null Session, then they haven't auth'ed your app yet, and you should present them with all the login choices.

Get/store Facebook access token from REQUEST in PHP SDK 3.0

Found out how this works. The SDK doesn't set my SESSION when calling setAccessToken(), I have to set it manually and it will work.

Can an access token returned by Facebook to the Javascript SDK work server-side with the PHP SDK?

Yes, this should work. Look at this question: How to properly handle session and access token with Facebook PHP SDK 3.0?

This is a workaround for the old JS and new PHP SDK. In my app I send the access token generated by the JS SDK via a form to my PHP. I have no doubts that this also works by sending the access token via ajax!


