When coming back from the Facebook JS SDK login() call I get a cookie set on my side as:
ex. (I’ve changed the characters some)
fbsr_17066472650000: edmYrII1FpD8TfeBCDcgO5ri0aRDFfh5e4efESdXlaU.eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsImNvZGUiOiJBUUNuVW1aS3A4U3p0a0RmNzhLR1FwTE5wSHpasdfafdasdfaVnVfOWo3c01oUFRaYVhjR3FTUFRFRHJrX2Ezasdfadadfasfasfda5ZektURV9xQWxaREV1WlVVZ2hFcDJTVVc4ZVB6d2tmRTVhRHY0RXpRdVhFa0xMd3hKS3gxckMyV1Y4aks1cmtNSHFWZVBaMWpQQklrQkVORDh4ZWtQd0pxUDlLYmMiLCJpc3N1ZWRfYXQiOjEzMjQ0ODUwNjksInVzZXJfaWQiOiI1MTUxNzcxNDcifQ
Is it correct to say that this string breaks down as:
fbsr_{appId}:{token}
Is this the real token? or do I need to encrypt/decrypt something?
Lastly, how can I redirect to another page after the login using something like:
window.location.href='foo.php';
UPDATE 1:
I get this back in my server-side decrypt process. It doesn’t seem correct. Or is this what I should expect? (note: I changed some of the data slightly)
{"algorithm":"HMAC-SHA256",
"code":"AQDnemhHwRHAv1pSI2TjKkO4x36GasdfadfasfdQKJn6Sqh8qgJNnCtzA5C41Y5TvRIp94BWQNTprLVyc4PHmYCPG0jOxkUpJ3RnviYW3p-f9lbWn32qkv7NZv-8T42j6_X3l4IMjH-Nthh7LAIaiy8YradJmRzXQwaKpDP5TP6JssrMFbHYYnRrMA",
"issued_at":1324491454,
"user_id":"515100000"}
What you call token is actually a signed_request which is encoded session details for user.
And the redirection you want after user is logged in can be triggered by providing redirect_uri argument of Facebook Login Dialog url.
For more info read Facebook Authentication documentation
While you need to do decryption on the signed_request on the server side (PHP-SDK can be used for this), on the client side it's not really needed if you are using Facebook JavaScript SDK, which provides FB.getAuthResponse and FB.getLoginStatus to get user session details.
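The fbsr_{appId} cookie value discussed above has the form {signature}.{payload}, both base64url-encoded; the payload is JSON that is signed with HMAC-SHA256 under the app secret, not encrypted. A server-side verification sketch in Python, added here as an example that is not part of the original posts or the PHP-SDK. The secret and sample values are constructed, and make_signed_request is a hypothetical helper used only to build the sample.

```python
import base64
import hashlib
import hmac
import json


class SignedRequestError(ValueError):
    """Raised when a signed_request is malformed or fails verification."""


def b64url_decode(data: str) -> bytes:
    # The cookie uses URL-safe base64 without padding; restore it before decoding.
    return base64.urlsafe_b64decode(data + "=" * (-len(data) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def parse_signed_request(signed_request: str, app_secret: str) -> dict:
    """Return the verified payload of an fbsr_{appId} cookie value."""
    try:
        sig_b64, payload_b64 = signed_request.split(".", 1)
        signature = b64url_decode(sig_b64)
        payload = json.loads(b64url_decode(payload_b64))
    except (ValueError, UnicodeDecodeError) as exc:
        raise SignedRequestError("malformed signed_request") from exc
    # Pin the algorithm: never let the payload choose how it is verified.
    if not isinstance(payload, dict) or payload.get("algorithm") != "HMAC-SHA256":
        raise SignedRequestError("unexpected algorithm")
    # The MAC covers the encoded payload string, keyed with the app secret.
    expected = hmac.new(app_secret.encode(), payload_b64.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected):
        raise SignedRequestError("bad signature")
    return payload


def make_signed_request(payload: dict, app_secret: str) -> str:
    """Build a constructed sample in the same format (hypothetical demo helper)."""
    payload_b64 = b64url_encode(json.dumps(payload).encode())
    mac = hmac.new(app_secret.encode(), payload_b64.encode(), hashlib.sha256).digest()
    return b64url_encode(mac) + "." + payload_b64


# Constructed sample values, not real credentials.
SECRET = "constructed-app-secret"
SAMPLE = make_signed_request(
    {"algorithm": "HMAC-SHA256", "code": "CONSTRUCTED", "issued_at": 1324491454,
     "user_id": "515100000"}, SECRET)
```

Anyone can base64-decode the payload without the secret, so a user_id taken from the cookie should be trusted only after parse_signed_request returns without raising.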