I have a situation where I create my own session variables when users log in to my application.
Whenever my users log out from my application, I clear my own sessions and then call the FB logout as well.
$facebook = new Facebook(array(
    'appId'  => $this->key,
    'secret' => $this->secret,
));
// $myUrl: the URL Facebook should send the user to after logout
$logoutUrl = $facebook->getLogoutUrl(array('next' => $myUrl));
Yii::app()->request->redirect($logoutUrl);
But when my users go to the application through canvas and log out from Facebook itself, I can't track when they logged out of Facebook. So my session values remain there, and when I log in again with some other user, the old session is still alive.
How can I handle this? Is there any way to detect the event of users logging out from Facebook so that I can remove my session as well?
What problem is the old session causing? Normally I wouldn’t expect logging in as a different user to cause any problems even if a previous session from another user still existed, because the act of logging in again would “reset” any session values with those belonging to the new user. Or if it is simpler, the act of logging in would clear any existing sessions and start a new one.
Something similar should normally be in place for canvas access. In that case, receiving a signed_request parameter could be considered a new login action, clearing any old session values or at least checking if they matched the current user.
If some other problem is being caused by sessions hanging around (like maybe showing people as connected who really aren’t) then you may need to implement a periodic process that clears sessions away based on some inactivity threshold. It’s not elegant but it’s the only way to catch something like the user not logging off at all but just closing their browser.
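The signed_request handling described in the answer above, as an added example that is not part of the original posts: it verifies the HMAC-SHA256 signature on the canvas signed_request with the app secret, then resets the local session whenever the verified Facebook user differs from the one the session was created for. Plain PHP sessions, the session key fb_user_id and the FB_APP_SECRET environment variable are assumptions made for the example.

```php
<?php
// Added example. Assumed names: session key 'fb_user_id', env var FB_APP_SECRET.
function b64url_decode(string $s)
{
    $s = strtr($s, '-_', '+/');
    return base64_decode(str_pad($s, strlen($s) + (4 - strlen($s) % 4) % 4, '='), true);
}

// Returns the verified payload, or null if the signature does not check out.
function parse_signed_request(string $signedRequest, string $appSecret): ?array
{
    $parts = explode('.', $signedRequest, 2);
    if ($appSecret === '' || count($parts) !== 2) {
        return null;
    }
    [$encodedSig, $payload] = $parts;
    $sig  = b64url_decode($encodedSig);
    $json = b64url_decode($payload);
    $data = is_string($json) ? json_decode($json, true) : null;
    if ($sig === false || !is_array($data)
        || strtoupper((string)($data['algorithm'] ?? '')) !== 'HMAC-SHA256') {
        return null;
    }
    // The signature covers the still-encoded payload; compare in constant time.
    $expected = hash_hmac('sha256', $payload, $appSecret, true);
    return hash_equals($expected, $sig) ? $data : null;
}

// Treat a verified signed_request as a fresh login: drop state from any other user.
function sync_session_with_canvas_user(array $data): void
{
    // user_id is absent until the user has authorized the app
    $fbUser = isset($data['user_id']) ? (string)$data['user_id'] : null;
    if ($fbUser === null || $fbUser !== ($_SESSION['fb_user_id'] ?? null)) {
        $_SESSION = [];
        session_regenerate_id(true); // new session id, old session data destroyed
        if ($fbUser !== null) {
            $_SESSION['fb_user_id'] = $fbUser;
        }
    }
}

if (isset($_POST['signed_request']) && is_string($_POST['signed_request'])) {
    session_start();
    $data = parse_signed_request($_POST['signed_request'], (string)getenv('FB_APP_SECRET'));
    if ($data === null) {
        http_response_code(403); // forged or corrupted: leave the session untouched
        exit;
    }
    sync_session_with_canvas_user($data);
}
```

Rejecting an unverifiable signed_request without touching the session keeps a forged POST from logging a user out or switching the session to another user id.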