使用PHP或JavaScript Facebook SDK，如何保持用户登录到我的网站? [英] Using the PHP or JavaScript Facebook SDK, how can I keep the user logged in to my website?

问题描述

我正在使用 Facebook的PHP SDK 将用户登录到我的网站，如下所示:

I'm using Facebook's PHP SDK to log users in to my website, like so:

<?php
$facebook = new Facebook(array(
    "appId"  => "myAppID",
    "secret" => "mySecret",
));

$user = $facebook->getUser();

if ($user) {
    try {
        // user is authenticated
        $user_profile = $facebook->api("/me");
    } catch (FacebookApiException $ex) {
        $user = null;
    }
}

if ($user) {
    $logoutURL = $facebook->getLogoutUrl();
    ?>
    <img src="https://graph.facebook.com/<?php echo $user; ?>/picture" />
    <a href="<?php echo($logoutURL); ?>">Logout</a>
    <pre><?php print_r($user_profile); ?></pre>
    <?php
} else {
    ?>
    <a href="<?php echo($loginURL); ?>">Login</a>
    <?php
}
?>

问题在于，当用户返回该站点时，他们将不再登录，而必须重新登录.

The problem is that when a user returns to the site, they're no longer logged in, and have to log back in.

回头用户有可能保持登录状态吗?

Is it possible for returning users to remain logged in?

更新:

我的确切解决方案最终是JavaScript和PHP Facebook SDK的组合.

My exact solution ended up being a combination of the JavaScript and PHP Facebook SDKs.

问题是不使用cookie来存储Facebook登录信息-一个PHP会话是(PHP会话cookie在浏览器关闭时失效).除此之外，除非您具有脱机访问权限，否则访问令牌将过期.换句话说，即使您将Facebook访问令牌存储在cookie中，它最终也会过期并且用户将被注销.

The problem is that a cookie isn't used to store the Facebook login information—a PHP session is (PHP session cookies expires when the browser is closed). In addition to this, unless you have offline access, the access tokens expire. In other words, even if you were to store the Facebook access token in a cookie, it would eventually expire and the user would be logged out.

我最终使用的JavaScript:

The JavaScript I ended up using:

    FB.init({
        appId: "myAppID",
        cookie: true, // enable cookies to allow the server to access the session
        xfbml: true, // parse XFBML
        oauth: true // enable OAuth 2.0
    });

    FB.Event.subscribe("auth.login", function(response) {
        // a user logged in who was not previously logged in
        window.location.refresh(true); // ideally modify the page with JS rather than refreshing
    });

    FB.Event.subscribe("auth.logout", function(response) {
        // a user logged out who was previously logged in
        window.location.refresh(true); // ideally modify the page with JS rather than refreshing
    });

    // check if the user is logged in or not, using the Facebook JS SDK
    FB.getLoginStatus(null);

加载页面后，Facebook JavaScript SDK将与Facebook进行检查以查看用户是否已登录.如果用户已登录并且尚未设置cookie，则将对其进行设置.然后，您可以刷新页面(或者理想情况下，使用JavaScript对其进行修改)，服务器将能够使用常规的PHP SDK(以及该问题的第一部分代码)来访问cookie.

When the page is loaded, the Facebook JavaScript SDK checks with Facebook to see if the user is logged in. If the user is logged in, and the cookie isn't already set, it will be set. You can then refresh the page (or, ideally, modify it with JavaScript) and the server will be able to access the cookie using the regular PHP SDK (and the first piece of code in this question).

这是我发现跨浏览会话进行持久登录的最佳方法.

This is the best way I've found for persistent logins across browsing sessions.

推荐答案

这里有两种情况.一种是对用户进行身份验证，另一种是对用户进行识别.

There are two scenarios here. One is to authenticate the user, and the other one is to recognize the user.

当您使用任何Facebook API提供的登录方法时，通常会发生的事情是，他们将查看用户是否与Facebook建立了会话.如果不是，将提示用户登录，以便您可以看到该用户.在您的情况下，您希望用户始终登录到Facebook.这并不是真正可行的方法，因为您需要找出它是哪个用户.您可以将带有一些识别详细信息的cookie存储在用户计算机上.您需要具有该用户的脱机权限，否则该用户将必须使用API​​登录才能获得新的access_token.

What usually happens when you use the login methods provided from any Facebook API is that they will see if the user have a session going with Facebook. If not the user will be prompted to log in so you can see which user it is. In your case you want the user to always be logged in to Facebook. This is not really doable since you need to find out which user it is. You could store a cookie on the users computer with some recognition details. You would need to have offline permissions for the user or else the user will have to be logged in with the API to get a fresh access_token.

如果需要我的建议，您应该只使用API​​的GetLoginStatus方法来检查用户是否与Facebook建立了会话.如果用户未登录Facebook，则要求他们登录您的网站也不过分.大多数使用Facebook的用户都存储了他们的登录信息，因此只要打开浏览器，他们就始终可以进行会话.

If you want my advise you should just use the GetLoginStatus method of the API to check if the user has a session going with Facebook. If the user is not logged in to Facebook it is not too much to require them to log in on your website. Most users who use Facebook have their login stored so they will always have a session going whenever their browser is open.

这将是/最好的解决方法，因为它不需要您向用户询问脱机权限，我想许多用户都不愿提供这些权限.如果由于某种原因您不能使用该方法，我建议您获得脱机许可，然后在没有计时器的情况下将cookie存储在他们的计算机上，这样就不会自动将其删除.

That would/is the best way to go about it as it doesn't require you to ask the users for offline permissions which I suppose many users wouldn't want to give. If for some reason you can't use that approach I suggest getting offline permission and then storing a cookie on their computer with no timer on it so it won't be automatically deleted.

很抱歉，我希望对您有所帮助:)

Sorry for the wall of text, but I hope I was somewhat helpful :)

这篇关于使用PHP或JavaScript Facebook SDK，如何保持用户登录到我的网站?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！