I have been using Facebook login (PHP SDK) for a website for months without problems. For the past few days, we have been experiencing problems.
Here is the code:
    $fbconfig['appid']   = "...";
    $fbconfig['secret']  = "...";
    $fbconfig['baseurl'] = "myurl/index.php";

    $facebook = new Facebook(array(
        'appId'  => $fbconfig['appid'],
        'secret' => $fbconfig['secret'],
        'cookie' => true,
    ));

    // 0 when the SDK does not see a logged-in user
    $user = $facebook->getUser();

    $loginUrl = $facebook->getLoginUrl(
        array(
            'scope'        => 'email,user_likes,user_birthday',
            'redirect_uri' => $fbconfig['baseurl']
        )
    );
    $logoutUrl = $facebook->getLogoutUrl(
        array(
            'next' => $fbconfig['baseurl'].'?f=logout'
        )
    );

    if ($user) {
        try {
            $fb_user_infos_ar = $facebook->api('/me');
        } catch (FacebookApiException $e) {
            // Any API failure ends the Facebook session here
            $facebook->destroySession();
            $user = null;
        }
    }

    if (isset($fb_user_infos_ar)) {
        // do something...
    } else {
        // show facebook login button
    }
The problem we are experiencing is that the login seems to work, but after a while (most of the time even after a few seconds) the user is no longer recognized as logged into Facebook ($user is 0 and the login button is shown).
Has there been any change in the last few days to Facebook rules or browsers that can explain this behavior? I have tried with both Firefox and Chrome with the same result. Since my PHP SDK was a few months old, I also tried with the very latest one with the same result. I also noticed that in the examples of the latest version, "base_url" is not mentioned anymore; do you know why?
EDIT AFTER COMMENTS
After some hints from the comments, I have tried to debug what is happening; it seems that the token doesn't become invalid; in fact, when I log in again I still get a token generated hours before.
For some reason, however, sometimes the user is considered NOT LOGGED (basically $facebook->getUser() is false) even if he is LOGGED.
One of the reasons, as complex857 suggested, could be that Facebook is having problems talking to my site; in recent days I actually noticed a general performance loss on the site, and after a debugging session today I can say that the performance loss appears when there is Facebook activity involved. In particular, I measured the execution time of this single instruction:
    $fb_user_infos_ar = $facebook->api('/me');

and it is about 5 seconds; I have no idea how long it took before, but I guess it is too much; what do you think?
About a possible cookie problem, what should I check?
EDIT 2 after answer
More details: if there are problems during the API call (the catch part), I used to destroy the Facebook session with

    $facebook->destroySession();

and that's why the user was logged out. Sometimes it is actually not necessary to destroy the session (e.g. if there is a timeout due to a network problem), so I should handle the exception according to the error.
As far as I have understood, the piece of code that Andy Jones provided

    echo "error code = " . $e->getCode() . " error = " . $e->getMessage() . "\n";

works fine for a CURL error but not for other kinds of errors (e.g. token expired). For example, if I print out the exception when the token is invalid due to a password change, I get:
FacebookApiException Object ( [result:protected] => Array ( [error] => Array ( [message] => Error validating access token: The session has been invalidated because the user has changed the password. [type] => OAuthException [code] => 190 [error_subcode] => 460 )
) [message:protected] => Error validating access token: The session has been invalidated because the user has changed the password. [string:Exception:private] => [code:protected] => 0 ....
$e->getCode() just gives me 0 instead of 190.
Here is the list of the errors: https://developers.facebook.com/docs/reference/api/errors/
I think that a simple way to handle the process in my specific case would be: destroy the Facebook session if the code is 190 or 102, otherwise try to repeat the operation. What do you think, and what would be the best-practice piece of code to handle this in a general way?
Another question: while logging the exceptions with $e->getMessage() I got "Error validating access token: The session has been invalidated because the user has changed the password." but I'm sure that for the user I was using at the time (my own) I haven't changed the Facebook password. How can this happen? Is the same message produced even in other cases (e.g. when a token is at its natural expiration date)?
Thanks.
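The handling proposed in EDIT 2 (end the session only for codes 190 and 102, otherwise retry), sketched as an added example that is not part of the original post or of the Facebook SDK. It reads the code from the exception's result payload (the [result:protected] array in the dump, returned by getResult()) rather than from getCode(); the function names, the retry count, the backoff and the stand-in exception class are assumptions made for illustration.

```php
<?php
// Added example: not the poster's code and not part of the Facebook SDK.
// Codes the post proposes to treat as "token is dead, log the user out".
const FB_SESSION_DEAD_CODES = [102, 190];

// $result is the payload shown as [result:protected] in the dump above.
function fb_error_action(array $result): string
{
    $error = is_array($result['error'] ?? null) ? $result['error'] : [];
    $code  = (int) ($error['code'] ?? 0);   // Graph error code, not getCode()
    return in_array($code, FB_SESSION_DEAD_CODES, true) ? 'destroy' : 'retry';
}

// Runs $call up to $maxAttempts times; $destroySession fires only for dead-token codes.
function fb_call_with_retry(callable $call, callable $destroySession, int $maxAttempts = 3)
{
    for ($attempt = 1; $attempt <= $maxAttempts; $attempt++) {
        try {
            return $call();
        } catch (Exception $e) {
            // FacebookApiException exposes the payload through getResult().
            $result = method_exists($e, 'getResult') ? $e->getResult() : [];
            if (fb_error_action(is_array($result) ? $result : []) === 'destroy') {
                $destroySession();
                return null;
            }
            if ($attempt < $maxAttempts) {
                usleep(200000 * $attempt); // short backoff before the next try
            }
        }
    }
    return null; // transient failure: session kept, no user data for this request
}

// Constructed stand-in for FacebookApiException so the demo runs without the SDK.
class DemoApiException extends Exception
{
    private $result;
    public function __construct(array $result) { parent::__construct('demo'); $this->result = $result; }
    public function getResult() { return $this->result; }
}
// Constructed inputs: the OAuth payload from the dump above, and a timeout-style payload.
$expired = ['error' => ['type' => 'OAuthException', 'code' => 190, 'error_subcode' => 460]];
$timeout = ['error_code' => 28, 'error' => ['type' => 'CurlException', 'message' => 'timed out']];
$destroyed = false;
fb_call_with_retry(function () use ($expired) { throw new DemoApiException($expired); },
                   function () use (&$destroyed) { $destroyed = true; });
var_dump($destroyed);                 // whether the dead-token path ended the session
var_dump(fb_error_action($timeout));  // how the timeout payload is classified
```

With the SDK, the two callables would wrap `$facebook->api('/me')` and `$facebook->destroySession()`. A `null` return after retries means the request proceeds without user data while the stored session is left intact.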