Despite me trying for hours on this, I can't figure out why I can't destroy this Facebook session. The logout URL logs out of Facebook, but i can't destroy the session. I've trawled through Stack Overflow but none of the answers have helped so far.
session_start();
$app_id = 'XXX';
$app_secret = 'XXX';
$redirect_uri = 'XXX';
$permissions = array(XXX);
define( 'ROOT', dirname( __FILE__ ) . '/' );
require_once( ROOT . 'facebook-php-sdk-v4-4.0-dev/autoload.php' );
use Facebook\FacebookSession;
use Facebook\FacebookRedirectLoginHelper;
// Initialize the SDK
FacebookSession::setDefaultApplication( $app_id, $app_secret );
$helper = new FacebookRedirectLoginHelper( $redirect_uri );
// Check if existing session exists
if ( isset( $_SESSION ) && isset( $_SESSION['fb_token'] ) ) {
// Create new session from saved access_token
$session = new FacebookSession( $_SESSION['fb_token'] );
// Validate the access_token to make sure it's still valid
try {
if ( ! $session->validate() ) {
$session = null;
}
} catch ( Exception $e ) {
// Catch any exceptions
$session = null;
}
} else {
// No session exists
try {
$session = $helper->getSessionFromRedirect();
} catch( FacebookRequestException $ex ) {
// When Facebook returns an error
} catch( Exception $ex ) {
// When validation fails or other local issues
echo $ex->message;
}
}
// Check if a session exists
if ( isset( $session ) ) {
// Save the session
$_SESSION['fb_token'] = $session->getToken();
// Create session using saved token or the new one we generated at login
$session = new FacebookSession( $session->getToken() );
// Create the logout URL
$logoutURL = $helper->getLogoutUrl( $session, 'http://msbooth.azurewebsites.net/' );
HERE IS THE PROBLEM SECTION:
if(isset($_GET['action']) && $_GET['action'] === 'logout'){
$session->destroySession();
header('Location: ' . $helper->getLogoutUrl($session, 'XXX'));
}
Any ideas on why the session won't destroy are welcome! I don't think i'm calling the action on the right object. Rest of the code below for reference.
} else {
// No session - Get Login URL
$loginUrl = $helper->getLoginUrl( $permissions );
echo '<a href="' . $loginUrl . '">Log in with Facebook</a>';
}
Funnily enough this seems to have fixed the issue. Is this best practice or will this fail?
// Create the logout URL (logout page should destroy the session)
$logoutURL = $helper->getLogoutUrl( $session, 'http://msbooth.azurewebsites.net/' );
$redirectlogout = 'Location: ' . $helper->getLogoutUrl($session, 'http://msbooth.azurewebsites.net/');
if(isset($_GET['action']) && $_GET['action'] === 'logout'){
session_destroy();
header($redirectlogout);
}