Facebook JS SDK FB.logout() doesn't terminate user session

Question

I'm attempting to log a user out of facebook with the Facebook JS SDK, however calling:

FB.logout(function(response){
    console.log(response);
});

returns: response.status == "connected"

And only after refreshing the page does the SDK realize that the session has ended. Anyone know what could be causing this behavior? This code previously worked in my application and has recently started behaving this way.

Another example using FireBug:

enter image description here

When calling the logout and before refreshing your page, if you go on Facebook are you still connected ? If you call the logout twice in a row, is it the same response ? (if not isn't it just a matter of timing between calls & response ?) (And, even if it's not answering the "why" part, can't you fix this by reloading the page in the response ?) Oh and, last one, "undefined" is another console.log i presume ? — evanesis, Jan 13 '12 at 10:58
@Flow' S, Yes 'undefined' is an irrelevant console log. FB.logout() does log the user out of facebook, but the current page FB object doesn't realize it until after a refresh. I would strongly prefer not to have to manually refresh the page after the user logs out. Also I attempted to delete the fbsr_ cookie to see if this removed it -- no effect. This previously worked and only recently changed. Also, I tried the same test on hulu.com which uses the FB JS SDK, same results. Is this possibly a bug in the SDK? — Casey Flynn, Jan 13 '12 at 19:12
I'm currently use `FB.getLoginStatus` from `FB.logout` callback to ensure JS-SDK forget about user. — Juicy Scripter, Jan 13 '12 at 19:58
TOP TIP: There are a tonne of nuances with FB API, on many levels. Do yourself a favor and use `https://connect.facebook.net/en_US/sdk/debug.js` instead of `https://connect.facebook.net/en_US/sdk.js` during primary development. You'll see lovely blue debug messages in the console, which you can filter by filename (debug.js) :-) — Simon_Weaver, Dec 09 '18 at 06:04

score 14 · Accepted Answer · answered Jan 14 '12 at 06:34

14

https://developers.facebook.com/bugs/245362365535898?browse=search_4f112135664703a96454690 This is a bug in the JS SDK that has now been fixed and it should get pushed in not too long.
Until then you can do the following

FB.logout(function(response) {
  FB.Auth.setAuthResponse(null, 'unknown');
  ...
});

answered Jan 14 '12 at 06:34

Sean Kinsey

37,689
7
52
71

Thank you worked with me and solve my big problem, appreciate :) – Tarek El-Mallah Jun 28 '12 at 15:07
I tried it, but, the function(response) never executed, any idea ? – simo Nov 15 '12 at 09:31
1

@JaredEitnier What doesn't work? And what is version 3? As the main contributor to the JS SDK, it's funny that I haven't heard of this :) – Sean Kinsey Nov 08 '13 at 19:15
I somehow in my tired mind yesterday mixed up the PHP SDK & JS SDK I think haha. Anyway, dumb comment gone :) – Jared Eitnier Nov 08 '13 at 19:23
it seems logout success, but for me the statements after `FB.Auth.setAuthResponse(null, 'unknown');` is not calling, like a simple alert() – Jeffrey Neo Jan 21 '14 at 04:57
Anyway, I solved the problem by using `setTimeout` for my function call before the line `FB.Auth.setAuthResponse`, sounds a little bit tricky. – Jeffrey Neo Jan 21 '14 at 05:13
`Auth` object doesn't exist in my `FB` object. Maybe because of Facebook Javascript SDK version. What would be the solution for FB 2.5 ? – manonthemoon Aug 12 '16 at 20:15
@manonthemoon, then it's not the JS SDK you have loaded. Auth is part of the core configuration. – Sean Kinsey Aug 16 '16 at 20:07

NavCore · Answer 2 · 2016-08-31T22:18:12.283

3

FB.logout(function(response) {
  ...
});

This FB.logout method is working 100%. The problem is that users are trying to call it from localhost which is not working.

Please try call it from server.

edited Aug 31 '16 at 22:18

answered Aug 31 '16 at 21:14

NavCore

1,115
3
10
25

On my case , yes , you are right. It does not work on localhost. However I not sure your word (working 100%). – ปรีดา ตั้งนภากร Feb 01 '18 at 03:41
This is working for me in localhost with XAMPP. Might be that the devs are not using https – Fernando Torres Mar 26 '18 at 05:56
Wow yes this does seem to be correct even today, and even with https. It literally doesn't seem to do anything on localhost – Simon_Weaver Dec 09 '18 at 06:08

vishnu lal · Answer 3 · 2018-07-11T10:43:52.940

As i have spent lots of time to find out exactly what is happening in the FB logout, felt better to share it here for others.

First thing, Please read the documentation here

A person logs into Facebook, then logs into your app. Upon logging out from your app, the person is still logged into Facebook.

this point killed 90% my of time. When i have logged in from facebook.com and trying to test login button in my application, it worked as expected, but logout was not terminating the session.

Solution or Fix: As per the scenarios given in the document, it will not terminate the user session, as the login is not initiated from the app, it is from facebook.com. so in this case, fb will not terminate the session.

When you login into fb, from your app (fresh login as username and password), system consider the source/trigger of the session as your app. so when you do logout (window.FB.logout or FB.logout) it will terminate user session completely.

So please logout from facebook.com before testing login functionality in your app.

As other mentioned, use below code to logout

FB.logout(function(response) {
 // response from logout will have authResponse with access_token so better to test the status as it will return "unknown"
 if(response.status !== "connected") { } \\ do some check on the status of the login before considering successful logout.
});

Last but not least: to test from localhost, please update the settings in FB APP

Update App Domains to localhost
Site URL under Websites to http://localhost:3000/

This will solve issues faced in testing from localhost

Looks like this is what happening. But this behavior is strange, different from Google where logging out will only invalidate the oauth grant on your website, not actually log the user out of his Google account. Edit: ok I think Facebook intentionally does this to enforce a single FB login across all websites. — Sarsaparilla, Jan 16 '21 at 18:13

score 3 · Answer 4 · answered Jan 13 '12 at 23:36

See http://hustoknow.blogspot.com/2012/01/dealing-with-zombie-facebook-cookies.html

When you logout, a cross-domain request gets sent to Facebook to invalidate the session. When you hit reload, another request gets sent to Facebook's site -- since FB recognizes the cookie as invalid, it correctly deletes the cookie from your browser.

I suspect it's a regexp bug in how they forgot to parse the fbm_ cookie, recently introduced in the last day or so. I'm just surprised that this fix hasn't been pushed.

score 1 · Answer 5 · answered Jan 13 '12 at 21:16

I have the same experience with the FB.Logout() not working as advertised. As a workaround I use the below javascript function to check if the user is logged in and if so, redirect to https://www.facebook.com/logout.php with the URL of the subsequent page to load and their access token:

    function reallylogout() {
      FB.getLoginStatus(function (response) {
        if (response.authResponse) {
           window.location = "https://www.facebook.com/logout.php?next=" +
             'URL to redirect to' +
             "&access_token=" + response.authResponse.accessToken;
        } else {
           $("#loginButtonDiv").show();
           $("#logoutButtonDiv").hide();
        }
      });
    }

The show/hide bit is just jQuery to show or hide divs that have a login and logout button in them. The logout button's onclick triggers the reallyLogout() function.

This works for my app.

This works, but I'm really looking for a solution that can trigger the FB JS SDK to 'forget' about the logged in user without performing a page refresh. Up until a few weeks ago this worked, and I have not made any changes since then. — Casey Flynn, Jan 13 '12 at 21:41

score 0 · Answer 6 · edited Sep 21 '12 at 20:09

0

Ok guys I found a solution for this:

Put up onClick event for the logout <a> tag like this

onclick="FB.logout(function() { document.location.reload(); });"

All together:

<a href="#" 
   id="auth-logoutlink"
   style="float:left;font-size: small;"
   onclick="FB.logout(function() { document.location.reload(); });">
   [logout]
</a>

edited Sep 21 '12 at 20:09

Jay

18,959
11
53
72

answered Sep 21 '12 at 05:58

sajanyamaha

3,119
2
26
44

score 0 · Answer 7 · answered Jul 10 '13 at 10:17

in asp.net mvc application i did it as following.

<a href="javascript:void(0);" class="logOff">Log out</a>

$(function () {


    $(".logOff").click(function () {

        //check if logout is 
        FB.getLoginStatus(function (response) {
            console.log('inside login status');
            if (response.status === 'connected') {
                // the user is logged in and has authenticated your
                // app, and response.authResponse supplies
                // the user's ID, a valid access token, a signed
                // request, and the time the access token 
                // and signed request each expire
                var uid = response.authResponse.userID;
                var accessToken = response.authResponse.accessToken;
                FB.logout(function (response) {

                    FB.Auth.setAuthResponse(null, 'unknown');

                });
            } else if (response.status === 'not_authorized') {
                // the user is logged in to Facebook, 
                // but has not authenticated your app

            } else {
                // the user isn't logged in to Facebook.
                console.log('response status not logged in');
            }
        });
        window.location.href = '@Url.Action("LogOff", "Account")';

    });

`FB.Auth`, Auth doesn't exist for me using Facebook SDK 2.5. — manonthemoon, Aug 12 '16 at 20:48

score 0 · Answer 8 · edited Jan 15 '12 at 13:29

0

I've faced similar kind of problem. I've used FB.getLoginStatus() after Logout.

edited Jan 15 '12 at 13:29

Andrew Whitaker

124,656
32
289
307

answered Jan 15 '12 at 10:58

Abdul Ahad

2,187
4
24
39

score 0 · Answer 9 · answered Jan 16 '12 at 23:00

0

It appears broken in Facebook. On FB rell you can login but the logout function does nothing. http://www.fbrell.com/auth/all-in-one

answered Jan 16 '12 at 23:00

Shaun

195
2
12

score -1 · Answer 10 · edited Oct 21 '12 at 10:57

It may be doesn't work because you don't include your Facebook app key. It works for me like this:

 Ext.get('auth-logoutlink').on('click', function(){   
                  FB.getLoginStatus(function (response) {
                    if (response.authResponse) {
                       window.location = "https://www.facebook.com/logout.php?confirm=1&api_key=**MYAPIKEY**&next=" +
                         '**MYWEBSITEURL**' +
                         "&access_token=" + response.authResponse.accessToken;
                    } else {
                       //HIDE **LOGOUT BUTTON**
                       //SHOW **LOGIN BUTTON**
                    }
                  });
        });

Facebook JS SDK FB.logout() doesn't terminate user session

10 Answers10

Linked