Is it possible to check (using PHP or Javascript) if a user is logged into his/her account? I need the name, email and photo.
+4
A:
It is not possible unless you're twitter.com, cookies are only passed to the domain they're for (or a parent domain, depending on how they're set), for security reasons.
Imagine if you could do this, do you want any web site you visiting knowing your an SO member, your gmail login, your....you see my point, it would be a huge privacy breach, as well as a security one since you could steal a user's session on many sites.
Nick Craver
2010-10-16 00:20:36
tks. so any other way to pull this info if the user has a Twitter account?
fast-dev
2010-10-16 00:22:34
@fast-dev - Not from *another* domain, no...this is very explicitly disallowed for the reasons above.
Nick Craver
2010-10-16 00:23:48
Most login-related information is (or should be) stored in session data anyway, which is all server-side. Only the session ID is passed to the client.
willell
2010-10-16 02:51:23
@willell - Right, but that's usually in a cookie :) ...so you could potential use that to login as the user on the destination website, all depends on the security and session setup the remote site is using.
Nick Craver
2010-10-16 09:31:32
+2
A:
You can't do it by reading the cookies. Each cookie is tied to a domain, and can only be read from that domain.
You can, however, use Twitter's REST API to get information about a user. Combining this with OAuth should let you make sure that the user actually owns that account, and let the user log in if they need to. Refer to Twitter's documentation for details.
Michael Madsen
2010-10-16 00:25:06