How to properly handle session and access token with Facebook PHP SDK 3.0?
Solution 1:
I'm using now PHP SDK 3.x without any problem.
Naitik the class author removed the getSession() function, and now if you want to know if the user is authenticated or not, use getUser().
For Access token, it's very simple, use this function getAccessToken(), and you'll get the access token to make Graph or Rest API calls.
$user = $facebook->getUser();
if ($user) {
//USER Logged-In
}
else {
//USER not Logged-In
}
//TO GET ACCESS TOKEN
$access_token = $facebook->getAccessToken();
//MAKE AN API CALL WITH IT
$user_info = $facebook->api('me?fields=id,name,first_name,last_name&access_token='.$access_token);
Solution 2:
My solution
Well, since everything I did was just a workaround until the new JS SDK comes out, there seems to be no best practice. Setting session.use_trans_sid to 1 and adding the P3P header helped to overcome IE iFrame cookie issues (see my first edit). After a few days of heavy debugging I found out, that FB.ui's permission_request does not send a new access token everytime (<5%).
If this happens, something went wrong. But this little something is driving me crazy. Since this happens infrequently, I can bear redirecting users back to the facebook tab to get a new signed request. With the new JS SDK, hopefully, this won't happen anymore.
Update: final solution
There was one little thing I have overseen and the solution can be found here: FB is not defined problem
I did not load the JS SDK asynchronously! This explains everything. Sometimes the all.js file was not loaded fast enough, so there was a JS error. Due to that, neither the permission dialog nor the JS validation worked and an empty #session input value was sent.
Solution 3:
For starters, I would debug a little more. Log the contents of the requests. What’s stored in $_SESSION, what’s passed in $_REQUEST. Also, check if it’s a browser issue (is it happening regardless of the browser, or is there a pattern?)
But since fixing the cookie issue in IE (P3P header) helped, my guess is that there are some browsers left, that deny third party cookies. As far as I know, some versions of Safari and Opera does that by default.
In addition, this error states that there was no access_token provided, as opposed to invalid or expired one.
You can test that by disabling third party cookies (using about:config in firefox for instance), deauthorizing your app (using the "Apps and websites" section on the bottom of Facebook Privacy settings), deleting cookies (related to your canvas URL) and then launching the application.
BTW, there’s always a possibility of facebook not returning access token even when it should, as described in bug 17236
Solution 4:
Hi i've run in the same trouble seems i've solved it with watching the JS API and redirect to the PHP-SDK Login Page if User Information is readable
example:
<script language="JavaScript">
function check_fb_status(){
FB.api('/me', function(response){
if(response.name) window.location='<?php echo $facebook->getLoginUrl(); ?>';
else check_fb_status();
});
}
check_fb_status();
</script>
if the script succed it loads the loginpage, and user got recognized by both JS and PHP SDK ;)