FB.getLoginStatus()需要刷新页面 [英] FB.getLoginStatus() needs page refreshed

问题描述

我正在使用FB.getLoginStatus()和FB.Login()使用Facebook将用户登录到我的网站.我首先使用FB.getLoginStatus()检查页面加载时的状态，并将状态保存在隐藏变量中.当用户单击我的facebook登录按钮时，我首先检查隐藏变量中的值，仅在未连接FB.getLoginStatus()的情况下才调用FB.Login().如果FB.getLoginStatus()返回已连接"，那么我只是在没有FB.Login()的情况下将用户登录到我的网站.

I am using FB.getLoginStatus() and FB.Login() to log the user into my website using facebook. I first check for the status on page load using FB.getLoginStatus() and save the state in a hidden variable. When the user clicks on my facebook login button, I first check the value in the hidden variable and call FB.Login() only if FB.getLoginStatus() is not connected. If FB.getLoginStatus() returns 'Connected', then I just log the user into my website without FB.Login().

我遇到的问题 *用户使用Facebook登录到我的accont *用户退出我的网站 *我的网站在注销状态下处于打开状态 *在另一个标签中，当前的Facebook用户退出了Facebook，新用户登录了Facebook *用户返回我的网站并单击Facebook登录按钮，而无需刷新页面 *旧的Facebook用户(不是当前登录的Facebook用户)已登录我的帐户

My scenario with issue *user logs into my accont using facebook *user logs out of my website *my website is open in the logged out state *in another tab, the current facebook user logs out of facebook and a new user logs into facebook *user comes back to my website and clicks on facebook login button without refreshing the page *the old facebook user (not the one currently logged into facebook) is logged into my account

当用户单击Facebook登录按钮时，如何识别Facebook中的最新用户?

How can I identify the most current user in facebook when user clicks the facebook login button?

<body>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
<div id="fb-root">
</div>
<script src="http://connect.facebook.net/en_US/all.js"></script>
<script>
// initialize the library with your Facebook API key    

var AppID = '<%=AppID%>';

window.fbAsyncInit = function() {
FB.init({
appId: AppID,
status: true,
cookie: true,
xfbml: true,
channelUrl: 'http://<%=Request.ServerVariables("HTTP_HOST")%>/channel.html'
});

FB.Event.subscribe('auth.login', function(response) {
//alert('logged in');
});

FB.Event.subscribe('auth.logout', function(response) {
//alert('logged out');
});

FB.getLoginStatus(function(response) {
if (response.status === "connected") {
var uid = response.authResponse.userID;
document.getElementById('hdnFBConnected').value = uid;
}
else if (response.status === "not_authorized") {
//alert("Not authorized");
document.getElementById('hdnFBConnected').value = '';
}
else {
//alert("user not logged in to facebook");
document.getElementById('hdnFBConnected').value = '';
}
});
}; 
</script>

<a href="#" onclick="WindowOpen()"><img src="<%=global_language & "/images/FacebookSmall.gif"%>" /></a>

<script type="text/javascript" language="javascript">
function WindowOpen() {

if (document.getElementById('hdnFBConnected').value != '') //user is connected
{
FB.api('/me', { fields: 'first_name, last_name, locale, email' }, function(result) {

var uid = document.getElementById('hdnFBConnected').value;    

//log the user into my site
})
}
else { //user is not connected, so calling FB.Login()
FB.login(function(response) {
if (response.authResponse) {
var access_token = response.authResponse.accessToken;

FB.api('/me', { fields: 'first_name, last_name, locale, email' }, function(result) {

var uid = response.authResponse.userID;    

var globalLang = '<%=global_language%>';
//log the user into my site                            })
}
else {
//alert('User cancelled login or did not fully authorize.');
}
}, { scope: 'email' }
); 
}

}
</script> 

</body>

推荐答案

您所描述的是正常行为. JS SDK正在发送旧用户的 signed_request 对象，该对象允许新用户访问其帐户.由于这与您有关，因此请在应用程序页面上包含一个注销按钮，并让用户知道在使用完应用程序后单击该按钮很重要.注销按钮应按以下方式调用FB.logout:

What you're describing is normal behavior. The JS SDK is sending the old user's signed_request object which allows the new user to access her account. Since this concerns you, include a logout button on your app's page and let the user know that it's important she clicks that button when she's done using your app. The logout button should call FB.logout like so:

FB.logout(function(response) {
  // user is now logged out
});

为了提高安全性，您可以创建一个活动计时器，该计时器在X分钟不活动后提示用户单击一个按钮.如果用户未在1分钟之内单击，则她将自动注销.大多数银行网站都是通过这种方式处理会话安全性的.

For extra security, you can create an activity timer that prompts the user to click a button after X minutes of inactivity. If the user doesn't click within, say 1 minute, she is logged out automatically. This is how most banking sites deal with session security.

这篇关于FB.getLoginStatus()需要刷新页面的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！