可以找出用户是否通过 javascript API 登录到 facebook? [英] Possible to find out whether a user is logged into facebook over javascript API?
问题描述
这个问题不是这个问题的副本.
我不想知道用户是否已经授权了我的应用程序,但是用户是否登录了 Facebook(完全独立于我的应用程序).
I don't want to know whether the user has authorized my application, but if the user is logged into facebook (completely independed from my application).
原因是我想在我的 html 代码中打印用户评论,以便搜索引擎可以索引它们.
The reason is that I want to pring user comments in my html code so that search engines can index them.
当用户登录到 facebook 时,我想用 facebook 评论片段替换 html 代码.
When a user is logged into facebook I want to replace the html code with the facebook comments snippet.
如果不是,则应显示替代的旧学校评论表.
If not an alternative old school comment form should be displayed.
我会定期从图形 api 中提取评论以将它们放入我的数据库中,并且使用经典表单完成的评论应该发布在 api 上(不一定是用户,可以是管理员帐户...)同步所有数据.
I would pull the comments regularely from the graph api to have them in my database and comments that are done using the classic form should be posted over the api (not necessarily as the user, could be an admin account...) to have all the data synchronized.
我查看了 Javascript SDK 文档,还发现了函数 getloginstatus 但文件很糟糕而且不是决定性的.我知道 Facebook 代码中也经常有一些功能没有在更高级别的 API 中记录或实现.
I looked at the Javascript SDK Docs, also found the function getloginstatus but the documentations are bad and not conclusive. I know that there are also often features available at facebook codes that are not documented or implemented in higher level apis.
我的问题是:
我能否以某种方式知道用户是否登录了 Facebook?
Can I somehow find out if a user is logged into facebook?
我能否以某种方式获得已发布评论的回调或通知,以便触发与我的数据库的同步,或者我是否必须定期抓取"图形 API?
Can I somehow have a callback or notification of posted comments, so I can trigger synchronization to my database or do I have to "crawl" the graph api on a regular basis?
推荐答案
本文
https://grepular.com/Abusing_HTTP_Status_Codes_to_Expose_Private_Information
识别 Google 和 Facebook 中的安全风险,让您可以确定用户是否已登录.虽然没有官方 API 来检查用户是否在未经该用户明确许可访问此信息的情况下登录,但上述文章展示了如何猜测"用户是否登录.
identifies security risks in Google and Facebook that will allow you to determine if a user is logged in. While no official API exists to check if a user is logged in without that user giving you express permission to access this information, the above article shows how you can 'guess' if a user is logged in or not.
注意:这篇文章指出了黑客",因此不保证将来会起作用,如果或何时 Google 和Facebook 识别这些安全风险.
Note: The article identifies a 'hack' and so is not guaranteed to work in the future, if or when Google & Facebook identify these security risks.
这篇关于可以找出用户是否通过 javascript API 登录到 facebook?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
