我正在使用适用于 ColdFusion 的 affinitiz Facebook API https://github.com/affinitiz/facebook-cf-sdk 来开发 Facebook 应用程序,但我在身份验证后遇到了真正的问题。
API 很好地抓取了应用程序 cookie,我登录了,但只有在对模板的额外调用的帮助下,如果你愿意,可以重新加载。重新加载后一切就绪,我可以使用访问令牌获取用户会话。
我已将 API 调用放在 OnRequest 事件的 Application.cfc 中。
所以这是奇怪的事情,无论我从 ColdFusion 对 API 进行多少次调用,唯一能让我获得最新 App Cookie 的方法是重新加载模板(我使用 JavaScript 作为一种解决方法)。
就好像 App cookie 以某种方式被缓存并且仅在重新加载时刷新,即使用户已通过身份验证。
回顾一下,过程如下:
- 请求事件
- API 抓取 cookie
- 所以我们重新加载
- 请求事件
- API 抓取 cookie
- 我们有 Facebook UID 和 access_token。
这些是 Application.cfc 中的会话 cookie 设置。
<cfset THIS.SessionManagement = true />
<cfset THIS.SetClientCookies = true />
<cfset THIS.ClientManagement = true />
谢谢你的帮助!
OnRequest 代码非常广泛,但这里有:
import facebook.sdk.FacebookApp;
import facebook.sdk.FacebookGraphAPI;
// Replace this with your appId and secret
APP_ID = "zzz";
SECRET_KEY = "zzz";
API_KEY = "zzz";
session.appID = APP_ID;
session.apiKey = API_KEY;
// Create facebookApp instance
//this.utils.runTimer("facebookAuth-newfacebookApp","start");
facebookApp = new FacebookApp(appId=APP_ID, secretKey=SECRET_KEY);
//this.utils.runTimer("facebookAuth-newfacebookApp","stop");
session.fbApp = facebookApp;
// We may or may not have this data based on a URL or COOKIE based session.
//
// If we get a session here, it means we found a correctly signed session using
// the Application Secret only Facebook and the Application know. We dont know
// if it is still valid until we make an API call using the session. A session
// can become invalid if it has already expired (should not be getting the
// session back in this case) or if the user authenticated out of Facebook.
//this.utils.runTimer("facebookAuth-getUserSession","start");
userSession = facebookApp.getUserSession();
//this.utils.runTimer("facebookAuth-getUserSession","stop");
authenticated = false;
if (structKeyExists(userSession, "uid")) {
if(structKeyExists(session.fbUserSession,"uid")){
if(userSession.uid NEQ session.fbUserSession.uid){
// reset session variables;
}
}
session.fbUserSession = userSession;
try {
facebookGraphAPI = new FacebookGraphAPI(userSession.access_token);
session.fbGraphAPI = facebookGraphAPI;
session.fbGraphAPI = facebookGraphAPI;
if (NOT session.fbAuthenticated){
session.fbAuthenticated = true;
session.justLoggedIn = true;
}
session.fbLoginCounter = 3;
authenticated = true;
} catch (any exception) {
// Ignore exception (OAuthInvalidTokenException), usually an invalid session
} finally {
facebookGraphAPI = new FacebookGraphAPI();
}
} else {
facebookGraphAPI = new FacebookGraphAPI();
session.fbUserSession = StructNew();
//this.utils.runTimer("facebookAuth-FacebookGraphAPI-else","stop");
}
session.parameters = structNew();
session.parameters["req_perms"] = "publish_stream, email";
然后我可以通过会话访问 FB cookie。