Facebook PHP SDK: getAccessToken not correct on refresh

3
votes

On my facebook app, I'm logging a user in using the Javascript SDK. If OK, I redirect him to this PHP page (designed to illustrate my problem):

test.php:

<?php
include('config.php');
require('phpsdk.php');

$access_token = $facebook->getAccessToken();
echo $access_token;
echo "<br /><br />";
$user = $facebook->getUser();
echo $user;
?>

(phpsdk.php handels the PHP SDK initiation)

Accessing test.php the FIRST time, returns a valid access token and the ID of the logged user. However, when I refresh the page, the access token becomes of the type appID|appSecret. The user is still logged in: getUser still returns the correct user ID.

Anyone knows what's causing this?

2
facebookfacebook-php-sdkfacebook-oauth

2 Answers

0
votes

It is not recommended to call getAccessToken(); over and over the way you described.

You should try first to see if the token is in the browser as a session and if not then try to use the SDK to find or request it.

  1. Check browser for a user, if no user call sdk for user, if still null or 0 auth or reauth.
  2. If user, check browser for access_token, if no token call sdk for token.
<?php
session_start();
include('config.php');
require('phpsdk.php');
    // need to replace Your_App_ID and YourAppId with your applications id. 
    $facebook = new Facebook(array(
        'appId'  => 'Your_App_ID',
        'secret' => 'Your_App_Secret',
        'cookie' => true, // enable optional cookie support
    ));    
    if(isset($_SESSION['fb_YourAppId_user_id'])){
        $user = $_SESSION['fb_YourAppId_user_id'];  
    }else{
        $user = $facebook->getUser();
    }
    if($user){
        if(isset($_SESSION['fb_YourAppId_access_token'])){
            $access_token = $_SESSION['fb_YourAppId_access_token'];
        }else{
            $access_token = $facebook->getAccessToken();
        }
    }   
echo $user;
echo "<br /><br />";
echo $access_token;
?>
1
votes

Clearing the Facebook Session with php sdk in redirect when user logs out.

Logout.php redirect user and use sdk to clear session data.

example redirect url. yourdomain.com/Logout.php?destroy=true

refer to: https://developers.facebook.com/docs/reference/php/facebook-destroySession/

<?php
session_start();
require './src/facebook.php';
$facebook = new Facebook(array(
  'appId'  => 'appID',
  'secret' => 'appSecret',
  'cookie' => true, // enable optional cookie support
  ));
 if(isset($_GET['destroy'])){
   $facebook->destroySession(); 
 }
?>