Home/ Questions/Q 6824773
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-26T21:56:31+00:00

I am thinking of tying in a Facebook JavaScript-based application with an existing website

  • 0

I am thinking of tying in a Facebook JavaScript-based application with an existing website that has it’s own user accounts, but have a question about a specific user situation.

The website is run almost 100% of the time from ‘shared’ computers, like those found in a career center. User A comes to my website, signs into the site and then authorizes the Facebook app, which stores their session in the browser, along with, effectively, signing them into Facebook.com.

User A now leaves my application by signing out of my site – but not closing the browser.

User B arrives, logs into my site with their login, but the Facebook session is still active (due to the browser staying open), so any FB app integrations I’ve included will show as if it is still user A, correct?

So the question is, what are the recommended ways to deal with this? Two options come to mind:

  1. When the user signs out of my website, I fire an FB.logout call, so that all of the sessions are killed. Pros – I can ensure that user’s signing into the site will not have old sessions hanging around. Cons – a user who is returning shortly after leaving will have to re-login to FB as well as my site to see the FB integrations – I’d love to avoid the user ALWAYS having to do two logins. Secondly, forcing the FB.logout when they leave my site kills any active sessions they have at facebook.com, which makes for a bad user experience as they would not ‘get’ why logging out of my site has anything to do with facebook.com, and will then have to re-signin to facebook.com.

  2. The second option would be that when the user authorizes the FB app, I take their member ID and store that locally and persistently (database). Then, when a user returns to the site and signs in, I check their FB auth status, and if logged in to FB, pull their member ID and check it against the one I have stored locally. If they match, I have the correct user, if not, I do FB.logout and have them sign in to FB. Pros – this should ensure I always have the correct user to the site. Cons – not sure if getting, storing the member ID is feasible.

Any suggestions or pointers to the ‘best practice’ when it comes to ensuring that the current user is indeed the one associated with the FB account, specifically in this ‘shared computing’ situation where sessions may overlap?

Thanks

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    The second option looks to me to be the better choice. You can indeed store the users facebook id. By storing it locally i’m assuming you are talking using a cookie; however storing in a database is just as feasible.

    Facebook user id’s should be stored with a BIGINT(20) data type – such are the recommendations from facebook.

    Taken from the user section of the facebook api refrence :

    Looks like they changed their recomendations…

    • 0