Facebook token related to Session

I have this function for facebook

public function link2(){
    global $config;
    $facebook = new Facebook(array(
        'appId'  => $config['facebook_appId'],
        'secret' => $config['facebook_secret'],
        'cookie' => true
    ));
    return $facebook;
}

then I do this to get the token

if(isset($_SESSION['fb_'.$config['facebook_appId'].'_access_token'])){
    $accesstoken = $_SESSION['fb_'.$config['facebook_appId'].'_access_token'];
}else{
    $accesstoken = $facebook->getAccessToken();
}

and store it in the DB, but after I log out and log in again and make another call for ALBUMS I get this error

A user access token is required to request this resource

I am doing session_destroy in my logout.php file. I am wondering how the session is related to this. If I change my logout.php file to just unset the userId variable, then the call works for me. Am I missing something?

Why do you store the user access token in a session at all? The whole point of session data is temporary storage.

You can just save the token to the database during the login and read it from there every time you call $facebook = new Facebook( ...

It will be much easier if you store it in one place only.

The second point is, you cannot expect that the user uses a logout button. If the user just closes the browser and kills his or her cookies, the session will not be destroyed but no one can access it anymore. So the only thing that logout should do, is to destroy the session.

Just follow these steps. You may need to get an offline access token.

1. You will have your App Name, App URL, App ID, and App Secret. To get the access code, go to:

https://www.facebook.com/dialog/oauth?client_id=Your_App_ID&redirect_uri=Your_App_URL&scope=read_stream,publish_stream,offline_access

After you click, your browser will be redirected to Your_App_URL with an additional URL attribute; it will look something like:

Your_App_URL?code=long_facebook_code

2. To get the offline access token, go to:

https://graph.facebook.com/oauth/access_token?client_id=Your_App_ID&redirect_uri=Your_App_URL&client_secret=Your_App_Secret&code=long_facebook_code

the page will display something like

access_token=123456789|99bdea74e40ecc75530b7c45-132456798|dTntC8lVyR84eBxK1TS9ws2s_s0

Note: make sure there is no word “expire=” at the end of the token (the bold text). Copy your offline token (only the bold text) and use it; it is a permanent token and never changes, even if you change your application name.

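//Check and retrieve access token if exists for current user
$result = mysql_query("......");
// mysql_query() returns a result resource, not a string, so fetch the value first
// (assumes the elided query selects the token as its first column)
$row = $result ? mysql_fetch_row($result) : false;
$atfromdb = $row ? $row[0] : '';

if(isset($_SESSION['fb_'.$config['facebook_appId'].'_access_token'])){
     $accesstoken = $_SESSION['fb_'.$config['facebook_appId'].'_access_token'];
}else if( strlen($atfromdb) > 0 ){
     $accesstoken = $atfromdb;
}else{
     $accesstoken = $facebook->getAccessToken();
}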
if(isset($_SESSION['fb_'.$config['facebook_appId'].'_access_token'])){
   $accesstoken = $_SESSION['fb_'.$config['facebook_appId'].'_access_token'];
}else{
   $accesstoken = $facebook->getAccessToken();
}

If this is the only code you have to assign $accesstoken, then $accesstoken will be undefined after logging out. session_destroy() removes all keys stored in $_SESSION. So the isset() will return false. Next, $facebook->getAccessToken() only checks to see if the token exists as a query string parameter; since the token is not being sent (it only gets sent after someone is redirected from Facebook), $accesstoken is undefined.

A quick fix would be to set the session key as it existed before. Directly after your authentication code, set the session key using the user's data from your database. Such as:

$_SESSION['fb_'.$config['facebook_appId'].'_access_token'] = $user_from_database['his_stored_access_token'];
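The login/logout cycle discussed in the answers above, as an added example that is not part of any answer on this page: the database is the single durable store for the token, logout only ends the session, and the next login re-seeds the session key from the stored row. The in-memory SQLite table `users`, its `fb_access_token` column, user id 42, the app id and the token value are all constructed for the demonstration.

```php
<?php
// Added example: constructed schema, user and token; not the asker's code.
const APP_ID    = '1234567890';                      // placeholder app id
const TOKEN_KEY = 'fb_' . APP_ID . '_access_token';  // session key format used on this page

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, fb_access_token TEXT)');
$db->prepare('INSERT INTO users (id, fb_access_token) VALUES (?, ?)')
   ->execute([42, 'CONSTRUCTED_TOKEN_VALUE']);

// Read the stored token with a bound parameter; null if the user has none.
function tokenFromDb(PDO $db, int $userId): ?string
{
    $stmt = $db->prepare('SELECT fb_access_token FROM users WHERE id = ?');
    $stmt->execute([$userId]);
    $token = $stmt->fetchColumn();
    return ($token === false || $token === null || $token === '') ? null : $token;
}

// Called right after your own authentication succeeds: re-seed the session.
function login(PDO $db, int $userId): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $_SESSION['userId'] = $userId;
    $token = tokenFromDb($db, $userId);
    if ($token !== null) {
        $_SESSION[TOKEN_KEY] = $token;
    }
}

// Logout only ends the session; the token row in the database is untouched.
function logout(): void
{
    $_SESSION = [];      // clear the in-memory copy for the rest of this request
    session_destroy();   // remove the stored session data
}

login($db, 42);
$first = $_SESSION[TOKEN_KEY] ?? null;
logout();
$afterLogout = $_SESSION[TOKEN_KEY] ?? null;  // nothing left in the session
login($db, 42);
$second = $_SESSION[TOKEN_KEY] ?? null;       // restored from the database

var_dump($first === $second, $afterLogout);
```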