PHP Classes

Logout / Force recheck

Recommend this page to a friend!

      PHP OAuth Library  >  All threads  >  Logout / Force recheck  >  (Un) Subscribe thread alerts  
Subject:Logout / Force recheck
Summary:Once the user is authenticated via FB Oauth, can't log out.
Messages:4
Author:Emre Sururi
Date:2014-11-07 11:27:21
 

  1. Logout / Force recheck   Reply   Report abuse  
Picture of Emre Sururi Emre Sururi - 2014-11-07 11:27:21
The FB authentication is done successfully but then even after the user logs out from facebook itself, he is still taken for granted in my website staying logged in. What is the necessary procedure to allow him to be logged out?

  2. Re: Logout / Force recheck   Reply   Report abuse  
Picture of Emre Sururi Emre Sururi - 2014-11-07 12:30:02 - In reply to message 1 from Emre Sururi
I think I managed to achieve the effect by unsetting $GLOBALS[_SESSION][OAUTH_STATE] & $GLOBALS[_SESSION][OAUTH_ACCESS_TOKEN]

e.g.,
if($_GET[logout])
{
unset($GLOBALS[_SESSION][OAUTH_STATE]);
unset($GLOBALS[_SESSION][OAUTH_ACCESS_TOKEN]);
}

This way, if the user has logged out from Facebook, he is asked to re-login; if he's still logged in to facebook, no effect as the check via the graph succeeds.

  3. Re: Logout / Force recheck   Reply   Report abuse  
Picture of Emre Sururi Emre Sururi - 2014-11-07 14:47:34 - In reply to message 2 from Emre Sururi
and the most radical way:
$_COOKIE = Array();
$_SESSION = Array();

  4. Re: Logout / Force recheck   Reply   Report abuse  
Picture of Manuel Lemos Manuel Lemos - 2014-11-07 19:06:51 - In reply to message 1 from Emre Sururi
The user being logged in has nothing to do with OAuth tokens. These are often used to access the API when the user is not present.

What you can do is to call ResetAccessToken function so the class cleans the stored tokens, although they are still valid until they expire.