Home/ Questions/Q 5961265
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-22T18:56:26+00:00

My website uses Facebook connect for login and the session lifetime on my server

  • 0

My website uses Facebook connect for login and the session lifetime on my server is 3600.

I’m using Client-Side Flow (javascript) redirect to login.php, and login.php retrieve cookies (set by javascript) to get access token.

However, if a user is idled over 3600 seconds, the session on my server expires. ($_SESSION[‘uid’] does not exists.)
How can my login.php check the user has already logged in Facebook(not my app) or not?

The solution I’m using is to redirect the user to my javascript page, and “onStatus function” would be automatically trigged by facebook.

I’m searching for a solution which can all be done with login.php to automatically relogin my website if he or she has logged in Facebook (without redirecting to javascript page). Is is possible?

javascript:

FB.init({appId: 'MY_APP_ID', status: true, cookie: true, xfbml: true});

FB.getLoginStatus(function(response) {
    onStatus(response);
    FB.Event.subscribe('auth.statusChange', onStatus);
    FB.Event.subscribe('auth.login', reloadPage);
});

function onStatus(response) {
    if (response.session) {
        window.location.href = '/login?fb';
    }
}

function reloadPage(response) {
    if (response.session) {
        window.location.href = '/login?fb';
    }
}

PHP (for login):

function get_facebook_cookie($app_id, $app_secret) {
  $args = array();
  if(!isset($_COOKIE['fbs_' . $app_id]))
      return false;
  parse_str(trim($_COOKIE['fbs_' . $app_id], '\\"'), $args);
  ksort($args);
  $payload = '';
  foreach ($args as $key => $value) {
    if ($key != 'sig') {
      $payload .= $key . '=' . $value;
    }
  }
  if (md5($payload . $app_secret) != $args['sig']) {
      return false;
  }
  return $args;
}

$cookie = get_facebook_cookie(MY_APP_ID, MY_APP_SECRET);

if($cookie){
    if($result = @file_get_contents("https://graph.facebook.com/me/?access_token=".$cookie['access_token'])){
        $result = json_decode($result, true);
        $_SESSION['uid'] = $result['id'];
    }
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I’ve figured out a way to do so. To iframe the following page in all pages.

    When the access token gave by facebook through cookie expires, page in iframe auto refresh.
    And FB.init() would set up a new access token(cookie) for my app.

    In my php files, just check the cookies as first connected.

    fb_keepalive.html:

    <div id="fb-root"></div>
<script type="text/javascript" src="https://connect.facebook.net/zh_TW/all.js"></script>
<script type="text/javascript">
FB.init({appId: 'APP_ID', status: true, cookie: true, xfbml: true});
FB.getLoginStatus(function(response) {
    onStatus(response);
});

function onStatus(response) {
    if (response.session) {
        var timestamp = new Date().getTime();
        var expires = response['session']['expires'] * 1000;
        if(expires - timestamp >= 0){
            setTimeout(function(){window.location.reload();}, expires - timestamp);
        }
    }
}
</script>
    • 0