Home/ Questions/Q 8774711
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-13T18:38:11+00:00

I am using the facebook php api to control the access to some parts

  • 0

I am using the facebook php api to control the access to some parts of my webapp. Basically I am just checking if the user is logged into facebook and the user authorize the app (basic permission) every time the page is load and then printing things according to the state.

Something like, if($check_user_lo_npe) { echo 'Welcome!'; }, simple as that. Well, everything is working fine, until I realize that if the user deletes the app from their users settings in facebook, which means the token gets invalidated, I am still getting a true response from the function check_user_lo_npe even if I know the token is invalid because as I said, the user deleted the app. This is how I am checking the permissions:

function check_user_lo_npe() {
    global $facebook;
    global $data;
    $fb_user_id = $facebook->getUser();
    if ($fb_user_id) {
    try {
        if(!isset($_SESSION['fb_user_profile'])) {
            $_SESSION['fb_user_profile'] = $facebook->api('/me');
            $temparray = $facebook->api('/me/friends');
            $_SESSION['fb_user_friends'] = count($temparray[data]);
        }
        $data->reg_user($_SESSION['fb_user_profile'],$_SESSION['fb_user_friends']);
        return array(true,'');
    } catch (FacebookApiException $e) {
        $fb_user_id = NULL;
        return array(false,$e->getMessage());
    }
    } else {
        return array(false,'');
    }
}

I need to realize when the user deletes the app so I can send them to the login screen again, the function is supposed to detect when there is an exception, but somehow I am not getting any… why?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Those $_SESSION variables are set by your app, not by the Facebook SDK right?
    Without attempting to access the Facebook session you can’t be sure if that session is still active/

    If you need to check on each page whether there’s still an active Facebook session or not, look at FB.GetLoginStatus() in the Javascript SDK, or make an API call to (for example) /me/permissions to check your access token is still valid

    That said, it may be as easy to just have an exception handler which detects when an attempt to access Facebook’s API fails, and have it send the user through the authentication flow at that point.

    • 0