
I just read the manual but it doesn't say how to log a user out. My problem is similar to this:

Facebook JS SDK FB.logout() doesn't terminate user session

But I'm using the server-side flow. I think I need to know the name(s) of the cookie(s) to invalidate, since deleting the cookie would log the user out, wouldn't it?

Here's my logout where I assume I know the name of the cookie that could have changed:

```python
import Cookie
import datetime
import logging
import time
import urllib

import webapp2

import facebookconf  # project module holding FACEBOOK_APP_ID / FACEBOOK_APP_SECRET
import main          # project module providing get_user_from_cookie


class FBLogoutHandler(webapp2.RequestHandler):

    csrf_protect = False

    def get(self):
        logging.debug('in fblogout')
        next_url = 'http://www.koolbusiness.com/fbredirect'
        current_user = main.get_user_from_cookie(self.request.cookies,
                facebookconf.FACEBOOK_APP_ID,
                facebookconf.FACEBOOK_APP_SECRET)
        # Expire the app's signed-request cookie whether or not it parsed.
        logging.debug('setting cookie')
        self.set_cookie('fbsr_' + facebookconf.FACEBOOK_APP_ID, None,
                        expires=time.time() - 86400)
        if not current_user:
            # No access token available: skip Facebook's logout endpoint.
            self.redirect(next_url)
            return
        # Percent-encode both parameters before redirecting to Facebook.
        query = urllib.urlencode([('next', next_url),
                                  ('access_token', current_user['access_token'])])
        self.redirect('https://www.facebook.com/logout.php?' + query)

    def set_cookie(self, name, value, expires=None):
        if value is None:
            # Deleting: overwrite the value and force an expiry in the past.
            value = 'deleted'
            expires = datetime.timedelta(minutes=-50000)
        jar = Cookie.SimpleCookie()
        jar[name] = value
        jar[name]['path'] = '/'
        if expires:
            if isinstance(expires, datetime.timedelta):
                expires = datetime.datetime.utcnow() + expires
            if isinstance(expires, datetime.datetime):
                # Cookie dates are expressed in GMT.
                expires = expires.strftime('%a, %d %b %Y %H:%M:%S GMT')
            jar[name]['expires'] = expires
        self.response.headers.add_header(*jar.output().split(': ', 1))
```

Niklas Rosencrantz

2 Answers


The method that doesn't use the JS SDK, and is therefore probably preferable for anyone doing server-side FB authentication, I found here: https://stackoverflow.com/a/9799430/117989.

From http://developers.facebook.com/docs/authentication/:

Logging the user out of Facebook

You can programmatically log the user out of Facebook by redirecting the user to

https://www.facebook.com/logout.php?
    next=YOUR_REDIRECT_URL
    &access_token=USER_ACCESS_TOKEN

The URL supplied in the next parameter must be a URL with the same base domain as your application as defined in your app's settings.

duelin markers
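
An added example (not code from the answer or from Facebook's documentation), written for the Python 3 standard library rather than the question's Python 2/webapp2: it builds the logout redirect quoted above with both parameters percent-encoded, refuses a `next` URL outside the app's domain, and produces the header that expires the `fbsr_<app_id>` cookie the question assumes. The subdomain check is a local approximation of Facebook's base-domain rule, and the function names, app id and token are constructed for illustration.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlencode, urlsplit

LOGOUT_ENDPOINT = 'https://www.facebook.com/logout.php'  # from the quoted docs


def same_base_domain(url, app_domain):
    """True if url is http(s) and its host is app_domain or a subdomain of it."""
    parts = urlsplit(url)
    host = (parts.hostname or '').lower()
    app_domain = app_domain.lower()
    return (parts.scheme in ('http', 'https')
            and (host == app_domain or host.endswith('.' + app_domain)))


def facebook_logout_url(next_url, access_token, app_domain):
    """Build the logout redirect, refusing a next URL outside the app's domain."""
    if not access_token:
        raise ValueError('no access token: user has no Facebook session here')
    if not same_base_domain(next_url, app_domain):
        raise ValueError('next URL is outside %s' % app_domain)
    # urlencode percent-encodes both values, so '|', '&' or '=' inside the
    # token or the next URL cannot break or extend the query string.
    query = urlencode([('next', next_url), ('access_token', access_token)])
    return LOGOUT_ENDPOINT + '?' + query


def expired_cookie_header(app_id):
    """Set-Cookie value that removes the app's fbsr_<app_id> cookie (assumed name)."""
    name = 'fbsr_' + app_id
    jar = SimpleCookie()
    jar[name] = 'deleted'
    jar[name]['path'] = '/'
    jar[name]['expires'] = 'Thu, 01 Jan 1970 00:00:00 GMT'
    return jar[name].OutputString()


if __name__ == '__main__':
    # Constructed sample values, not real credentials.
    print(expired_cookie_header('123456'))
    print(facebook_logout_url('http://www.koolbusiness.com/fbredirect',
                              'AAA|constructed-token', 'koolbusiness.com'))
```

Send the expiring cookie header on the same response that issues the redirect, so the app's own session ends even if the user never returns from Facebook.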

You cannot log the user out of FB - this would require you to have access to FB cookies, which you do not.

You can only log the user out of your own app.

Peter Knego

  • OK thanks, logging the user out of my app is what I want to do. – Niklas Rosencrantz Apr 02 '12 at 07:04
  • This can't be the answer, because it violates [Facebook's Platform Policies](http://developers.facebook.com/policy/): Item I 6 says 'Your website must offer an explicit "Log Out" option that also logs the user out of Facebook.' – duelin markers Sep 06 '12 at 15:02
  • OP is asking about server side logout. Afaik Facebook only offers client-side javascript logout: http://stackoverflow.com/questions/658027/logout-with-facebook – Peter Knego Sep 06 '12 at 15:14