I can't seem to get a facebook connect app that I am building to log the user out (sorry no url as it's still in dev). Each time the user clicks a link with the class "logout" the following JS runs which seems to work and even shows the FB modal stating the user has been logged out.
$(document).ready(function(){
$('.logout').click(function(){
//Kill facebook Session
FB.Connect.logout(function() {
window.location = $('.logout').attr("href");
});
});
});
Upon reaching the callback above, the JS sends the user to the logout page where PHP again forces the removal of a custom session and insures that the FB session was removed. Then the user is sent back to the page they were on when they clicked the "logout" link.
//Remove our site session
Auth::logout();
/* FAIL
//Send user to FB logout page and then back here
$logout_url = $this->fb->get_logout_url( site_url( $return_to ? base64_url_decode($return_to) : '' ) );
// Clear any stored state
$this->fb->clear_cookie_state();
exit(header("Location: ". $logout_url));
*/
//FAIL
//$this->fb->logout( site_url( $return_to ? base64_url_decode($return_to) : '' ) );
//FAIL
//Remove user (is this needed..?)
//$this->fb->set_user(NULL, NULL);
//Remove the FB session cookies (in case the JS didn't)
$this->fb->clear_cookie_state();
// Redirect to privious page
redirect( ( $return_to ? base64_url_decode($return_to) : '') );
However, this whole process results in the user being right back where they were and still logged in. A second click on the link seems to do the trick and remove the session though. I have monitored firebug (w/firecookie) and the PHP logout page reports deleting the FB session cookies - yet the next page loaded seems to still use them?!
If anyone knows how to completely DESTROY ALL FACEBOOKS ahem... sessions then please speak up.
:EDIT: I have even tried to manually remove all cookies on the logout page and it still fails
if( $_COOKIE ) {
foreach( $_COOKIE as $name => $value ) {
//Get the current cookie config
$params = session_get_cookie_params();
// Delete the cookie from globals
unset($_COOKIE[$name]);
//Delete the cookie on the user_agent
setcookie($name, '', time()-43200, $params['path'], '', $params['secure']);
}
}
My guess is that because you are starting the Facebook api classes it reads the session and sets all the cookies again your Javascript call just cleared.
The php facebook lib and the FB js lib both use the same cookienames. (so you can login through javascript and the php lib will be logged in as well).
There is a specific function for a log out and going to a URL by the way:
FB.Connect.LogoutAndRedirect(url);
Just use the <fb:login-button> tag and make sure you have autologoutlink='true' Then, when the user is logged in, print out the <fb:login-button> tag and it will show up as a "Logout?" button
Hope that helps.
EDIT: The docos for login-button: http://wiki.developers.facebook.com/index.php/Fb:login-button
This worked for me (where the redirect page clears the server stuff)
FB.logout(function(response) {
window.location.href="/login/signout";
});