for some reason no matter what I do, this is always returning a valid ID and Facebook information. To logout, I am using Facebook.Logout, redirecting to a page where I clear ALL cookies including "fbsr_" ones. I even logged out of Facebook manually and it is still returning a valid ID! This is for a Facebook Connect application. Here is my app code,
$uid = $facebook->getUser();
if ($uid) {
try {
$me = $facebook->api('/'+$uid);
} catch (FacebookApiException $e) {
echo $e;
error_log($e);
$uid = NULL;
}
}
Then my PHP logout code,
$app_id="XXXX";
session_name('QEW');
session_start();
session_regenerate_id(true);
session_unset();
session_destroy();
$facebook->destroySession();
if (isset($_COOKIE['fbsr_' . $app_id]))
{
setcookie('fbsr_' . $app_id, $_COOKIE['fbsr_' . $app_id], time() - 3600, "/");
setcookie('PHPSESSID', $_COOKIE['PHPSESSID'], time() - 3600, "/");
unset($_COOKIE['fbsr_' . $app_id]);
unset($_COOKIE['PHPSESSID']);
}
EDIT My Javascript code,
window.fbAsyncInit = function() {
FB.init({
appId:'XXX', cookie:true,
status:true, xfbml:true, oauth:true,
channelURL:'~~.com/channel.html'
});
};
(function() {
var e = document.createElement('script'); e.async = true;
e.src = document.location.protocol + '//connect.facebook.net/en_US/all.js';
e.async = true;
document.getElementById('fb-root').appendChild(e);
}());
function login(io)
{
FB.getLoginStatus(function(response)
{
if(response.status == 'connected')
{
if(io==1)
{
FB.login(function(response)
{
if (response.authResponse)
{
cU(response.authResponse.userID);
}
},{scope:'email'});
}
else
{
FB.logout(function(response){});
window.location="./logout.php";
}
}
else
{
FB.login(function(response)
{
if (response.authResponse)
{
cU(response.authResponse.userID);
}
},{scope:'email'});
}
});
}
Then after "logging out", I go to another page that calls the first block of code again, and it just repopulates the cookies because it gets a valid user id back. how can I fix this? Thanks