Facebook自动重新登录从cookie php [英] facebook auto re-login from cookie php
问题描述
我的网站使用Facebook连接进行登录,而我的服务器上的会话生存时间是3600。
我正在使用客户端流(javascript)重定向到login.php,login.php检索cookie(由javascript设置)以获取访问令牌。 p>
但是,如果用户在3600秒以上空闲,我的服务器上的会话将过期。 ($ _SESSION ['uid']不存在。)
我的login.php如何检查用户是否已经登录到Facebook(而不是我的应用程序)?
我使用的解决方案是将用户重定向到我的JavaScript页面,onStatus功能将被Facebook自动触发。
我是搜索一个可以用login.php完成的解决方案,如果他或她已经登录Facebook(而不是重定向到JavaScript页面),自动重新登录我的网站。有可能吗?
javascript:
FB.init({ appId:'MY_APP_ID',状态:true,cookie:true,xfbml:true});
FB.getLoginStatus(function(response){
onStatus(response);
FB.Event.subscribe('auth.statusChange',onStatus);
FB .Event.subscribe('auth.login',reloadPage);
});
function onStatus(response){
if(response.session){
window.location.href ='/ login?fb';
}
}
函数reloadPage(响应){
if(response.session){
window.location.href ='/ login?fb ;
}
}
PHP(用于登录):
function get_facebook_cookie($ app_id,$ app_secret){
$ args = array();
if(!isset($ _ COOKIE ['fbs_'。$ app_id]))
return false;
parse_str($ _ COOKIE ['fbs_'。$ app_id],'\\''),$ args);
ksort($ args);
$ payload = ';
foreach($ args as $ key => $ value){
if($ key!='sig'){
$ payload。= $ key。'='。 $ value;
}
}
if(md5($ payload。$ app_secret)!= $ args ['sig']){
return false;
}
return $ args;
}
$ cookie = get_facebook_cookie(MY_APP_ID,MY_APP_SECRET);
if($ cookie){
if ($ result = @file_get_contents(https://graph.facebook.com/me/?access_token=$ cookie ['access_token'])){
$ result = json_decode($ result,true);
$ _SESSION ['uid'] = $ result ['id'];
}
我已经找出了一种方法,以便在所有页面中显示以下页面。
通过cookie给Facebook的访问令牌过期,iframe自动刷新页面
和FB.i nit()将为我的应用程序设置一个新的访问令牌(cookie)。
在我的php文件中,只需检查cookie是否已连接。
fb_keepalive.html:
< div id =fb-root> < / DIV>
< script type =text / javascriptsrc =https://connect.facebook.net/zh_TW/all.js>< / script>
< script type =text / javascript>
FB.init({appId:'APP_ID',status:true,cookie:true,xfbml:true});
FB.getLoginStatus(function(response){
onStatus(response);
});
function onStatus(response){
if(response.session){
var timestamp = new Date()。getTime();
var expires = response ['session'] ['expires'] * 1000;
if(expires - timestamp> = 0){
setTimeout(function(){window.location.reload();},expires - timestamp);
}
}
}
< / script>
My website uses Facebook connect for login and the session lifetime on my server is 3600.
I'm using Client-Side Flow (javascript) redirect to login.php, and login.php retrieve cookies (set by javascript) to get access token.
However, if a user is idled over 3600 seconds, the session on my server expires. ($_SESSION['uid'] does not exists.) How can my login.php check the user has already logged in Facebook(not my app) or not?
The solution I'm using is to redirect the user to my javascript page, and "onStatus function" would be automatically trigged by facebook.
I'm searching for a solution which can all be done with login.php to automatically relogin my website if he or she has logged in Facebook (without redirecting to javascript page). Is is possible?
javascript:
FB.init({appId: 'MY_APP_ID', status: true, cookie: true, xfbml: true});
FB.getLoginStatus(function(response) {
onStatus(response);
FB.Event.subscribe('auth.statusChange', onStatus);
FB.Event.subscribe('auth.login', reloadPage);
});
function onStatus(response) {
if (response.session) {
window.location.href = '/login?fb';
}
}
function reloadPage(response) {
if (response.session) {
window.location.href = '/login?fb';
}
}
PHP (for login):
function get_facebook_cookie($app_id, $app_secret) {
$args = array();
if(!isset($_COOKIE['fbs_' . $app_id]))
return false;
parse_str(trim($_COOKIE['fbs_' . $app_id], '\\"'), $args);
ksort($args);
$payload = '';
foreach ($args as $key => $value) {
if ($key != 'sig') {
$payload .= $key . '=' . $value;
}
}
if (md5($payload . $app_secret) != $args['sig']) {
return false;
}
return $args;
}
$cookie = get_facebook_cookie(MY_APP_ID, MY_APP_SECRET);
if($cookie){
if($result = @file_get_contents("https://graph.facebook.com/me/?access_token=".$cookie['access_token'])){
$result = json_decode($result, true);
$_SESSION['uid'] = $result['id'];
}
I've figured out a way to do so. To iframe the following page in all pages.
When the access token gave by facebook through cookie expires, page in iframe auto refresh. And FB.init() would set up a new access token(cookie) for my app.
In my php files, just check the cookies as first connected.
fb_keepalive.html:
<div id="fb-root"></div>
<script type="text/javascript" src="https://connect.facebook.net/zh_TW/all.js"></script>
<script type="text/javascript">
FB.init({appId: 'APP_ID', status: true, cookie: true, xfbml: true});
FB.getLoginStatus(function(response) {
onStatus(response);
});
function onStatus(response) {
if (response.session) {
var timestamp = new Date().getTime();
var expires = response['session']['expires'] * 1000;
if(expires - timestamp >= 0){
setTimeout(function(){window.location.reload();}, expires - timestamp);
}
}
}
</script>
这篇关于Facebook自动重新登录从cookie php的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
