I am implementing “login with facebook” feature using php sdk, i am able to grab user profile details. But after that user remains logged in. Suppose user is accessing my site and after using “login with facebook” features he leaves immediately, then next person sitting there can use(misuse) previous persons account.
1)How can i automatically logout user after fetching what i needed (I dont want to show user “facebook logout” button).
2) Is there any way i can only logout user from my app and not facebook logout ? (i mean if user is already using facebook in another tab then it should only logout users facebook session from my app.)
I am implementing login with facebook feature using php sdk , i am able
Share
Assuming all the usual security measures are in place (session timeouts apply to FB logins, doesn’t leak FB data across distinct PHP sessions, logging out of your site clears FB session data or moves to a login/front page with no FB access), websites with Facebook integration generally don’t bother securing their FB integration on a per-request basis. It’s the user’s own fault if they leave a browser window open and logged into your website, there’s not a lot you can or really should do about that kind of mistake.
All that being said, you can call getLogoutUrl and then redirect the user to that URL to log them user out of the current session, OR you can use the JavaScript SDK’s
FB.logout(). Both options are mentioned here.