CakePHP Facebook Plugin logged in as other user?

0
votes

I am experiencing a very odd behaviour. I built my application with CakePHP and I use Nick Baker's Facebook Plugin.

When I log in, everything works ok. When somebody else logs in, again, everything works fine. But if someone logs in in the same time I am logged in, the correct User id is remembered in Auth for that User, but the Facebook data is taken from my account.

So, if I have User id 1 and John has user id 2 and each one of us logs in the application in the same time, the correct IDs are stored in the Auth Component (1, respectively 2). But if I visit a page which shows data from the corresponding profile, I see my picture and my Facebook data, but John also sees my picture and my data, instead of his.

Why is this happening? I really need help with this as it's beyond my understanding.

Thank you very much!

2
facebookcakephp

2 Answers

0
votes

Do you have caching enabled? The web server might give a cached version of the page to the other user.

0
votes

I have a similar problem and i think it is due to the access_token being saved in the user session. Since Facebook and my app reside at different domains the app session isn't destroyed when the user logs out from Facebook. I resolved this temporarily by calling $this->Session->delete('FB'); in the beforeFilter of my controller, like this:

public function beforeFilter() {
    parent::beforeFilter();
    $this->Session->delete('FB');
}

I think this makes the plugin request a new access_token on each request which is not optimal but works. Please correct me if i'm wrong.