Facebook login and session problem

I am trying to implement Facebook login.
Upon logging in I use the user's email (I get it from the Facebook Graph) to create a session.
The code for logging in is this (in short)... it takes into account 2 scenarios: logging in with FB and with a traditional form.

    // check if the user logs in via Facebook
    if (isset($_GET['access_token'])) {
        $user_profile = $fb->get('/me?fields=email', $_GET['access_token']);
        $user_data = $user_profile->getDecodedBody();
        $_SESSION['regular_user'] = $user_data['email']; // the user's email comes from the Facebook Graph
    }

    // the code below runs when there is no session (it is destroyed on logout)
    if (!isset($_SESSION['regular_user'])) {
        header("Location: ../Frontend/login.php");
        exit; // stop here so the rest of the page does not run after the redirect
    }

The problem comes on logging out, at which point I destroy the session and the user hits the browser back button.

At which point it goes to the page where its URL contains the FB access token... and according to the way the code is structured above, a login takes place... nonetheless this must not happen because the user has just logged out.

How could I reorganize the code so as to avoid this? Adding the scenario of creating a session with FB login complicates things.

Could you set a session when they log in, e.g. $_SESSION['ok']=='1'?

    // check if the user logs in via Facebook
    if (isset($_GET['access_token'])) {
        // only accept the token while the login flag is still set in the session
        if (isset($_SESSION['ok']) && $_SESSION['ok'] == '1') {
            $user_profile = $fb->get('/me?fields=email', $_GET['access_token']);
            $user_data = $user_profile->getDecodedBody();
            $_SESSION['regular_user'] = $user_data['email']; // the user's email comes from the Facebook Graph
        } else {
            echo 'You already logged out';
        }
    }

Then in the logout script just kill $_SESSION['ok'], and when they go back, even though the GET variable is still set, you have removed the session so it won't log in again.
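
The session flag from the reply, treated as a single-use marker, as an added example (not code from either poster). The function names, `account.php`, the plain arrays standing in for `$_GET`/`$_SESSION` and the stubbed Graph call are assumptions made so the logic runs offline.

```php
<?php
// Added example. $fetchEmail stands in for the thread's
// $fb->get('/me?fields=email', $token)->getDecodedBody()['email'] call.

// Login page: arm the marker just before sending the user to Facebook.
function beginFacebookLogin(array &$session): void
{
    $session['ok'] = '1';
}

// Callback page: returns the URL to redirect to (hypothetical paths).
function handleFacebookCallback(array $get, array &$session, callable $fetchEmail): string
{
    if (!isset($get['access_token'])) {
        return isset($session['regular_user']) ? 'account.php' : '../Frontend/login.php';
    }
    // Consume the marker first, so the same URL cannot log in a second time.
    $armed = isset($session['ok']) && $session['ok'] === '1';
    unset($session['ok']);
    if (!$armed) {
        return '../Frontend/login.php'; // replayed URL, e.g. back button after logout
    }
    $email = $fetchEmail($get['access_token']);
    if (!is_string($email) || $email === '') {
        return '../Frontend/login.php'; // Graph call gave no usable email
    }
    // With real sessions, call session_regenerate_id(true) at this point.
    $session['regular_user'] = $email;
    // Redirect to a URL without the token instead of rendering the page under it.
    return 'account.php';
}

// Logout page: drop everything, including any leftover marker.
function logout(array &$session): void
{
    $session = []; // with real sessions, follow this with session_destroy()
}

// Constructed demo: a stub Graph call and a constructed token value.
$session = [];
$get = ['access_token' => 'CONSTRUCTED-TOKEN'];
$stub = function (string $token): string { return 'user@example.com'; };

beginFacebookLogin($session);
var_dump(handleFacebookCallback($get, $session, $stub)); // first use of the URL
logout($session);
var_dump(handleFacebookCallback($get, $session, $stub)); // same URL after logout
var_dump(isset($session['regular_user']));               // session state afterwards
```

In a real page the call would be `handleFacebookCallback($_GET, $_SESSION, ...)` followed by `header('Location: ' . $target); exit;`.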
