I’m trying to implement Facebook authentication into my web project. I’ve managed to get login working just fine, but I am unsure as to how to proceed further.
I need to continuosly make sure that the user is logged in and authenticated while using my application. In previous projects I’ve achieved this by storing userid and password in cookies and run a check against the mysql “users” table each time a php page was called.
I haven’t found any tutorial which describes how to do this with Facebook, as all the tutorials ends after login is complete.
I’m thinking of storing the FB_UID in a php session variable, and then check it against the mysql “users” table to see if it’s correct each time a php page is called. However I get a feeling that this is unneccessary, and that the FB session variables can be used for this purpose. Any thoughts or insights appreciated!
I will of course implement https when the site goes online due to php session security issues.
While authenticating a facebook user, if the
FB_UIDmatches youruserstable, have a php session variable store theFB_UIDand check if the php session variable is set or not, every time the page loads. Finally when the user logs out, unset the php session variable.