Possible to find out whether a user is logged into facebook over javascript API?

Question

This question is not a duplicate of this one.

I don't want to know whether the user has authorized my application, but if the user is logged into facebook (completely independed from my application).

The reason is that I want to pring user comments in my html code so that search engines can index them.

When a user is logged into facebook I want to replace the html code with the facebook comments snippet.

If not an alternative old school comment form should be displayed.

I would pull the comments regularely from the graph api to have them in my database and comments that are done using the classic form should be posted over the api (not necessarily as the user, could be an admin account...) to have all the data synchronized.

I looked at the Javascript SDK Docs, also found the function getloginstatus but the documentations are bad and not conclusive. I know that there are also often features available at facebook codes that are not documented or implemented in higher level apis.

My questions are:

Can I somehow find out if a user is logged into facebook?
Can I somehow have a callback or notification of posted comments, so I can trigger synchronization to my database or do I have to "crawl" the graph api on a regular basis?

You might want to have a look at this, it uses hacks to guess if users are logged into certain sites: https://grepular.com/Abusing_HTTP_Status_Codes_to_Expose_Private_Information — mrwooster, Mar 08 '11 at 14:36
@mrwooster +1 this is great! the question how reliable it is... i don't think the browsers are gonna change their behaviour and it looksl ike internet explorer is beeing a pain in the ass again... but its a good start if there is no "official" method! — The Surrican, Mar 08 '11 at 15:49
The above article identifies security risks... so in theory, the likes of google and facebook should be working to prevent us using those methods to determine if someone is logged in... something that should be up to the end user to decide if they want to make the information available. Without being granted specific permissions to access a users information, however, the above is going to be the best way to go... but it is a _hack_. — mrwooster, Mar 08 '11 at 16:04
could you post this as an answer with the remakrs of your second comment so i can vote it up and accept it? — The Surrican, Mar 09 '11 at 11:00

Ben Regenspan · Answer 1 · 2012-07-23T21:06:49.410

There is a non-hack, officially-supported way of doing this for Facebook (I think the last version of the docs was clearer on this point). Using the Javascript SDK, you can do:

<div id="fb-root"></div>
<script>
  window.fbAsyncInit = function() {

    FB.init({appId: 'YOUR APP ID', status: true, cookie: true,
             xfbml: true});

    FB.getLoginStatus(function(o) { 
       if (!o && o.status) return;
       if (o.status == 'connected') {
          // USER IS LOGGED IN AND HAS AUTHORIZED APP
       } else if (o.status == 'not_authorized') {
          // USER IS LOGGED IN TO FACEBOOK (BUT HASN'T AUTHORIZED YOUR APP YET)
       } else {
          // USER NOT CURRENTLY LOGGED IN TO FACEBOOK
       }
    });

  };

  (function() {
    var e = document.createElement('script'); e.async = true;
    e.src = document.location.protocol +
      '//connect.facebook.net/en_US/all.js';
    document.getElementById('fb-root').appendChild(e);
  }());

</script>

An aside: if XAuth had caught on, it would be possible to do this in a more universal and supported way for any site supporting that standard.

Thanks, @Ben! Just a heads up that now you should use `"not_authorized"` in place of `"notConnected"` — rapcal, Apr 30 '12 at 22:29

score 4 · Accepted Answer · answered Mar 10 '11 at 08:50

This article

https://grepular.com/Abusing_HTTP_Status_Codes_to_Expose_Private_Information

identifies security risks in Google and Facebook that will allow you to determine if a user is logged in. While no official API exists to check if a user is logged in without that user giving you express permission to access this information, the above article shows how you can 'guess' if a user is logged in or not.

Note: The article identifies a 'hack' and so is not guaranteed to work in the future, if or when Google & Facebook identify these security risks.

Sunil · Answer 3 · 2011-09-23T13:28:23.613

I also ran into similar requirements and solved my problem with following code; Using the Javascript SDK, I used FB object. FB is a facebook object, it has property called _userStatus, this can be used like following.

if(FB._userStatus == "connected")
{
// USER IS LOGGED IN AND HAS AUTHORIZED APP 
}
else if(FB._userStatus == "notConnected"){
   // USER IS LOGGED IN TO FACEBOOK (BUT HASN'T AUTHORIZED YOUR APP YET)  
}
else if(FB._userStatus == "unknown")
{
    // USER NOT CURRENTLY LOGGED IN TO FACEBOOK 
}

The above code is very useful. It can be used in any part of the page as long FB object is not null.

Please can you tell me that how can we check this in php – deemi-D-nadeem Jan 11 '17 at 06:56 — deemi-D-nadeem, Jan 11 '17 at 06:56

Possible to find out whether a user is logged into facebook over javascript API?

3 Answers3

Linked

Related