views:

2172

answers:

7

So I have sort of a weird situation going on. I am using the Facebooker plugin for Rails, where I want users to be able to log in and log out with their Facebook profiles. However, once users log out, if I refresh the page, it logs them back in. This happens only when users log in with Facebook Connect.

I think the problem is that a rogue cookie is just re-instantiating the session, so my best guess is to manually destroy the cookies, but to be honest I'm not entirely sure how to do this. I printed out my cookie list (from request.cookies) both before and after I click logout. After logout is clicked, I still have this cookie lingering... but don't know how to delete it.

fbsetting_0b78c8f2c95ce671470bdcb1c19e5070 {"connectState":1,"oneLineStorySetting":1,"shortStorySetting":1,"inFacebook":false}

After playing around with it a little more, that cookie isn't even there...but upon refreshing the page I am logged in again.

I'm doing this all on localhost...not sure if that should cause a problem or not.

Any ideas?

+2  A: 

Destroying local cookies isn't enough to terminate a Facebook Connect session. The connect JS library will recreate destroyed cookies as long as you still have an active session on the facebook.com domain -- and those cookies are inaccessible to you.

All log-outs must be handled by calling the logout function in the connect library.

e.g.,

<script>$H.fbconnect.logout();</script>
Frank Farmer
Sadly this doesn't work (at least in facebooker). It logs you out of facebook, but the app cookie persists. If you log back into facebook, then the app thinks you're connected again.
semanticart
You'll need to trigger a local logout as well, then. That's actually what I do in the app I run -- the facebook logout runs, and then immediately triggers our normal logout process, like: $H.fbconnect.logout('/my_logout_script.php');
Frank Farmer
A: 

To delete a cookie, you need to set the cookie again with an expiration date in the past.

Bob Aman
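
The cookie-expiry approach from the answer above, as an added example that is not part of the original answers: it picks the Connect cookies out of a request's Cookie header and builds the Set-Cookie headers that delete them. The API key is the one visible in the question's fbsetting_ cookie; the `<key>_user` and `<key>_session_key` names, the `_myapp_session` name and the sample header are assumptions constructed for illustration.

```ruby
require 'time'

# Constructed sample: Cookie header a browser might send after a local logout.
# Only the fbsetting_<key> name comes from the question; the other names are
# assumptions for illustration.
API_KEY = '0b78c8f2c95ce671470bdcb1c19e5070'
SAMPLE_COOKIE_HEADER =
  "_myapp_session=abc123; fbsetting_#{API_KEY}=%7B%22connectState%22%3A1%7D; " \
  "#{API_KEY}_user=1234; #{API_KEY}_session_key=xyz; theme=dark"

# Parse a Cookie request header into {name => value}.
def parse_cookie_header(header)
  header.split(/;\s*/).each_with_object({}) do |pair, jar|
    name, value = pair.split('=', 2)
    jar[name.strip] = value.to_s unless name.nil? || name.strip.empty?
  end
end

# Cookies that belong to the Connect integration: any name carrying the API key.
def connect_cookie_names(jar, api_key)
  jar.keys.select { |name| name.include?(api_key) }
end

# Build Set-Cookie headers that delete the given cookies. The value is blanked
# and Expires is in the past; Path (and Domain, if one was used) must match the
# attributes the cookie was created with, or the browser keeps the original.
def expire_headers(names, path: '/', domain: nil)
  past = Time.at(0).utc.httpdate
  names.map do |name|
    header = "#{name}=; Path=#{path}; Expires=#{past}; Max-Age=0"
    header += "; Domain=#{domain}" if domain
    header
  end
end

# Headers a logout response would send: Connect cookies plus the app session.
def logout_set_cookie_headers(cookie_header, api_key, session_cookie: '_myapp_session')
  jar = parse_cookie_header(cookie_header)
  names = connect_cookie_names(jar, api_key)
  names << session_cookie if jar.key?(session_cookie)
  expire_headers(names)
end

puts logout_set_cookie_headers(SAMPLE_COOKIE_HEADER, API_KEY) if __FILE__ == $PROGRAM_NAME
```

In a Rails controller the equivalent is `cookies.delete(name, :path => ..., :domain => ...)`. As Frank Farmer's answer notes, this clears only the local side and does not end the session on facebook.com.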
A: 

Bensign,

Did you figure out this problem? We are running into the same problem with Facebooker on Rails.

+3  A: 

This is what I have in users controller

  def logout_facebook
    clear_facebook_session_information
    redirect_to root_url
  end

and this is how it is triggered

<%= fb_logout_link("Logout out", "#{root_url}users/logout_facebook")%>

This is how I got it to remove the cookies on the local side.

Note: don't forget to add a route to the logout_facebook method in your routes.

James B
A: 

Thank you, James.

This 100% solved my problem in Ruby on Rails.

Thanks & regards

Ratnam Raj
A: 

Hey @James B, a million thanks for the clean and foolproof solution to such a frazzled functionality. I've literally been going blank over the last 2 weeks since I came across the problem that I believe is true for almost all new Facebooker users: "Facebook Connect logging out completely". Or maybe it was just a lack of documentation or some code excerpt I wasn't able to find to date in the Facebooker cover docs.

Anyway, away from all that, moving on to the solution that made me achieve it, following @James B's method above.


Obviously I am assuming you all have read facebooker installation, configuration & usage instructions http://github.com/mmangino/facebooker. I also have used a plugin "authlogic_facebook_connect" which you can find at github.com page of kalasjocke/authlogic_facebook_connect.

Now I assume you already configured your application to work with facebook connect by using fb_login_button or authlogic_facebook_login_button. Clicking it you'd see a popup to log yourself into both your facebook account and into the local account of your app. Once you login you'd be getting a facebook_session to handle saving a new user in your DB (only if you wish to).

By default you'd not be getting birthday and email address of users in the facebook_session as response from facebook. To get them you need something like this in your initialization javascript in the body tag of the rhtml page...

<%= fb_connect_javascript_tag %>
<%= init_fb_connect "XFBML", { :app_settings => " { permsToRequestOnConnect : 'email,user_birthday' }" } %>
<%= authlogic_facebook_login_button %>

Now finally what I did for getting logged out of both Facebook and my site.

  1. Inside the header of your application, or wherever the LOGIN, LOGOUT, logged-in user's name etc. will display...

<% unless facebook_session.nil? %>
  <%= fb_logout_link("logout", "#{$HOST_NAME}logout_both") %>
<% else %>
  <%= link_to "logout", user_session_path, :method => :delete %>
<% end %>

The two logout buttons are for different kinds of users: a. those who registered directly on your site, b. those who registered on your site via Facebook.

  2. Route for logout_both in routes.rb

map.connect "/logout_both", :controller=>"users", :action=>"logout_both"

  3. The action for logout_both inside users_controller.rb

def logout_both
  current_user_session.destroy
  #clear_facebook_session_information
  flash[:notice] = "Logout successful!"
  redirect_to root_path
end #End of method logout_both

  4. You need to make sure that there are no filters defined in the controller which could prevent the logout_both action from being executed without a session.

  5. Oh yes, and if you're wondering why that "clear_facebook_session_information" is commented out in the action, don't worry: you're already logged out of Facebook before entering this action, so this line is no longer needed. Boss, we're using "fb_logout_link", which first logs you out and then redirects you to this new action.

Well, that's about it. If this doesn't do it........ get your hands dirty like I am doing.. dig in.. solve it yourself. Facebooker is deep but has a definite END!!!

Again, many thanks to mangino & kalasjocke for making Facebook Connect almost painless for Rails.

Drop questions if any at nitinr708ATyahoo.co.in

Nitin Rajora

A: 

One clarification, people, on my answer above. There is a hiccup: after logout, if you refresh the page, it would again show you logged in on your site, even though you're successfully logged out of Facebook. I was wrong. ONE BIG CLARIFICATION: as a matter of fact, you DO NEED THESE TWO LINES IN YOUR "logout_both" action:

def logout_both
  current_user_session.destroy
  clear_facebook_session_information # MANDATORY TO COMPLETELY CLEAR COOKIES
  reset_session # TO BE 100% sure you can use it optionally
  flash[:notice] = "Logout successful!"
  redirect_to root_path
end

Nitin Rajora