可以通过javascript API了解用户是否登录到Facebook？ [英] Possible to find out whether a user is logged into facebook over javascript API?

问题描述

此问题与此问题不重复a>。

我不想知道用户是否授权我的应用程序，但是如果用户登录到Facebook（完全独立于我的应用程序） / p>

原因是我想在我的html代码中引用用户评论，以便搜索引擎可以对其进行索引。

当用户登录到Facebook时，我想用Facebook的评论代码段替换html代码。

如果不能显示一个替代的旧学校评论表单。

我会从图api让他们在我的数据库和使用经典表单完成的评论应该发布在api（不一定作为用户，可以是管理员帐户...）使所有数据同步。

我看着Javascript SDK文件，还发现了功能 getloginstatus ，但文档是不好的，不是决定性的。我知道在facebook代码中也经常出现这些功能，这些功能在高级apis中没有被记录或实现。

我的问题是：

• 我可以以某种方式找出用户是否登录到Facebook？




• 不知何故有回帖或通知发布的评论，所以我可以触发同步到我的数据库，或者我必须爬行图api定期？

解决方案

这篇文章

https://grepular.com/Abusing_HTTP_Status_Codes_to_Expose_Private_Information

识别Google和Facebook中的安全风险，这将允许您确定如果用户登录了，而没有官方API存在，检查用户是否登录，没有用户授予您明确的权限访问此信息，ab ove文章显示如果用户登录，您可以猜。

注意：文章标识了一个黑客，所以不能保证在未来，如果或何时Google& Facebook识别这些安全隐患。

This question is not a duplicate of this one.

I don't want to know whether the user has authorized my application, but if the user is logged into facebook (completely independed from my application).

The reason is that I want to pring user comments in my html code so that search engines can index them.

When a user is logged into facebook I want to replace the html code with the facebook comments snippet.

If not an alternative old school comment form should be displayed.

I would pull the comments regularely from the graph api to have them in my database and comments that are done using the classic form should be posted over the api (not necessarily as the user, could be an admin account...) to have all the data synchronized.

I looked at the Javascript SDK Docs, also found the function getloginstatus but the documentations are bad and not conclusive. I know that there are also often features available at facebook codes that are not documented or implemented in higher level apis.

My questions are:

• Can I somehow find out if a user is logged into facebook?

• Can I somehow have a callback or notification of posted comments, so I can trigger synchronization to my database or do I have to "crawl" the graph api on a regular basis?

解决方案

This article

https://grepular.com/Abusing_HTTP_Status_Codes_to_Expose_Private_Information

identifies security risks in Google and Facebook that will allow you to determine if a user is logged in. While no official API exists to check if a user is logged in without that user giving you express permission to access this information, the above article shows how you can 'guess' if a user is logged in or not.

Note: The article identifies a 'hack' and so is not guaranteed to work in the future, if or when Google & Facebook identify these security risks.

这篇关于可以通过javascript API了解用户是否登录到Facebook？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！