Facebook API Logout of my app but not facebook

php javascript facebook facebook-login

11,583

Solution 1

Are you sure you want to only logout of your app, and not fb too, if you logged in using fb? What kind of app could want to do something like that? And why? What's the benefit of doing so?

But if you really want to (hack), in index.php:

<?php
require 'init.php';    // general init
require 'init_fb.php'; // sets $fb_id if logged in to fb

if (isset($fb_id) and !isset($_SESSION['do_not_auto_login'])) {
    echo "<a href='/logout'>Logout</button>";
    include 'app.php';
    return;
}

if (isset($_SESSION['do_not_auto_login'])
     echo "<a href='/re_login'>FB Login</button>";
else include 'html_and_js_fb_login_code_and_button.php';

include 'startpage.php';
?>

and in logout.php:

$_SESSION['do_not_auto_login'] = true;
// destroy-code

and in re_login.php:

unset($_SESSION['do_not_auto_login']);
header("location: /"); // re-direct back to index.php

Not perfect, but works somewhat good. Hope you get the hack!

But still, why?? If you don't think your user would like to come back, ask "How to remove my fb-app from user?" or something instead or try @DMCS's answer.. Why?

Solution 2

A bit late but might help someone. You can revoke app permissions which effectively logs them out of your app. Here's the code:

FB.api('/me/permissions', 'delete', function(response) {
    console.log(response.status); // true for successful logout.
});

Solution 3

This works for me:

window.fbAsyncInit = function() {

FB.getLoginStatus(function(response) {

    FB.api("/me/permissions", "delete", function(response){ 


    });

});

}

Solution 4

You need to use destroySession for Facebook to do

www.example.com?act=logout

<?php
php sdk blah blah


if($_GET['act'] =='logout'){
    $facebook->destroySession(); 

}
$params = array(
 'scope' => 'read_stream, friends_likes',
 'redirect_uri' => 'https://www.myapp.com/post_login_page'
);

$loginUrl = $facebook->getLoginUrl($params);

?>

Maybe you need to set param to make it redirect.

View more solutions

11,583

Author by

cdub

Updated on June 12, 2022

Comments

cdub almost 2 years

How do I make a logout using Facebook's api log me out of my app (a website), but keep me logged into facebook.com?

This logs me in alright:

 window.fbAsyncInit = function()
{
        FB.init({
            appId      : '<?= APP_ID ?>',
            status     : true, 
            cookie     : true,
            xfbml      : true,
            oauth      : true,
        });

    FB.Event.subscribe('auth.login', function(response)
    {alert(response);
            window.location = 'http://reviewsie.com/accounts/facebook';
        });

    };

  (function(d)
{
        var js, id = 'facebook-jssdk'; if (d.getElementById(id)) {return;}
        js = d.createElement('script'); js.id = id; js.async = true;
        js.src = "//connect.facebook.net/en_US/all.js";
        d.getElementsByTagName('head')[0].appendChild(js);
    }(document));

But then I click logout on my site which I kill my session to my app. Then when you click on the fb:login-button again, it just opens and closes and doesn't do anything because I'm still connected to facebook. I want it to redirect.

But if when I logout I also use Facebook::logoutUrl it logs me out of my app AND facebook which is not what I want.

Leon about 12 years

when u logout from ur site, u dun wan to log facebook out. when u click login, u wan it to redirect to a specific pages? is this wat u want?
Leon about 12 years

if u wan to logout from ur sites oni. just use $facebook->destroySession(); , do not use getLogoutURL.
Leon about 12 years

add in param like this , by right it should redirect ^^ 'redirect_uri' => 'myapp.com/post_login_page'
Leonard Pauli over 11 years

I don't think he wants to delete the permission!! Just a normal logout!! @DMCS
DMCS over 11 years

"How do I make a logout using Facebook's api log me out of my app (a website), but keep me logged into facebook.com?" This is their question, right? The only way to force reauth is to delete the current auth token (at least it was this way Feb 2012 .. maybe Facebook has changed something). Please enlighten us on how you would answer their question.
DMCS about 11 years

@LeonardPauli very nice solution to the problem, I'm surprised that this issue which would seem to be very relevant to many peoples' websites has garnered such little attention. I don't do anything in PHP (C# for me) so learning something new is always fun.
Art Geigel over 8 years

This is the correct answer in my opinion. You don't want to fully revoke permissions and force the reauthorization dialog. Destroying the FB session from the server allows you to kill any FB connectivity your app has without logging the user out of FB entirely. Sometimes users want peace-of-mind of logging out of a given app without annoying them by also logging them out of FB. Nice simple solution. Thanks for posting.