I have a small bug that's associated with Facebook log-in on my application.
Once a user changes his account through the native Facebook site, and I refresh the page (which uses the facebook.php class) and call $facebook->getUser(), it still returns the user ID of the previous user, and only updates on the second refresh.
I have checked the permissions that we are requesting, and those that we were requesting in the past, and it seems that there is no 'Offline access' there, so I have eliminated it from the list of possible causes.
This is important for both security and user convenience reasons. I've tried calling destroySession, and I have also tried killing the cookie manually by doing the following:
setcookie('fbsr_' . FACEBOOK_APP_ID, '', time()-3600, '/', '.'.$_SERVER['SERVER_NAME']);
What could be the reason for this odd behavior? Can someone please assist me?
Thanks in advance, Oleg.
Complete code of the page:
<?php
header('P3P:CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"');
require_once 'src/facebook.php';
require_once 'config/configFB.php';
// Create our Application instance (replace this with your appId and secret).
$facebook = new Facebook(array(
    'appId' => FACEBOOK_APP_ID,
    'secret' => FACEBOOK_SECRET_KEY,
));
// Get User ID
$fbUserId = $facebook->getUser();
echo $fbUserId; // testing the bug
exit(1);
?>
IMPORTANT: all the users that I am using in order to test this scenario have added my application, so in fact, I'm supposed to have access to their data.
You could just do a header redirect to the same page to "act" as the second redirect. It's more of a band-aid than a proper solution. Although, unless I'm mistaken, if I log into a different Facebook account I will have to reauthorise your application to use that account, because the permissions will not be set.
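To check whether the stale ID comes from the fbsr_ cookie the question tries to clear, the cookie can be decoded and verified on the server and compared with the value getUser() returned. This is an added example, not code from the posts above or from the Facebook SDK; it assumes the cookie uses Facebook's signed_request layout, and the function names and sample values are hypothetical.

```php
<?php
// Added diagnostic sketch; not the asker's code and not part of the Facebook PHP SDK.
// Assumes the signed_request layout: base64url(signature) "." base64url(JSON payload),
// with the signature being HMAC-SHA256 over the encoded payload, keyed by the app secret.
function b64url_decode($s)
{
    return base64_decode(strtr($s, '-_', '+/'));
}
function b64url_encode($s)
{
    return rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
}

// Returns the verified payload array, or null if the cookie is malformed or forged.
function parse_fbsr_cookie($cookie, $secret)
{
    $parts = explode('.', (string) $cookie, 2);
    if (count($parts) !== 2) {
        return null;
    }
    $payload = json_decode(b64url_decode($parts[1]), true);
    if (!is_array($payload) || !isset($payload['algorithm'])
        || strtoupper($payload['algorithm']) !== 'HMAC-SHA256') {
        return null;
    }
    $expected = hash_hmac('sha256', $parts[1], $secret, true);
    return hash_equals($expected, (string) b64url_decode($parts[0])) ? $payload : null;
}

// Reports which identity the cookie asserts, how old it is, and whether it agrees
// with the user ID the page is about to trust ($trustedUserId is the caller's value).
function describe_login_state($cookie, $secret, $trustedUserId, $now)
{
    $p = parse_fbsr_cookie($cookie, $secret);
    if ($p === null) {
        return 'fbsr cookie absent or signature invalid';
    }
    $cookieUser = isset($p['user_id']) ? (string) $p['user_id'] : '(none)';
    $age = isset($p['issued_at']) ? ($now - (int) $p['issued_at']) . 's' : 'unknown';
    $verdict = ($cookieUser === (string) $trustedUserId) ? 'match' : 'MISMATCH';
    return "cookie user_id=$cookieUser issued $age ago; getUser()=$trustedUserId; $verdict";
}

// Constructed sample: secret, user IDs and timestamps are made up for the demo.
$secret = 'constructed-demo-secret';
$body = b64url_encode(json_encode(array('algorithm' => 'HMAC-SHA256',
    'user_id' => '1001', 'issued_at' => 1700000000)));
$cookie = b64url_encode(hash_hmac('sha256', $body, $secret, true)) . '.' . $body;
echo describe_login_state($cookie, $secret, '1002', 1700000900), "\n";
```

On the real page, pass the value of the 'fbsr_' . FACEBOOK_APP_ID cookie, FACEBOOK_SECRET_KEY, the result of $facebook->getUser() and time(). Logging the result on each refresh shows whether the cookie still names the previous user on the first load.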