php - Losing session after a redirect to another domain then back




I am creating a login scheme that will utilize a person's email address as the unique identifier in the DB. People can log in using an OpenID provider such as Google etc. (also Facebook); I take the email and store it as the unique identifier in the users table in the SQL DB. (This means I don't have to worry about email verification, passwords etc., and users don't have to register.)

This works by opening a new window using a link/JavaScript; the PHP script is directed to Google or whoever the provider is. They enter their details, and Google etc. automatically redirects the window back to the login script along with (if it worked) the user details (most importantly the email).

Now on the response I look at the email and check whether it is in the database; if not, I add it; if so, using $_SESSION, I log the user into the site.

I have this working using the OpenID mechanism (Google, Yahoo, etc.). I am trying to get it working with Facebook and am having great difficulty. I am able to log the user in to FB and grab the user's email etc. But when I try to log the user into the site, it does not work. For some reason it has a separate session (inc. a separate session ID) in the new window I have opened (and that the script + redirection runs in) from the rest of the site?

Just wondering if anyone has any thoughts on why this is happening.

This is what the login script looks like (the one that runs in the new window):

<?php
$app_id     = "your_app_id";
$app_secret = "your_app_secret";
$my_url     = "your_url";

session_start();
// Superglobals are case-sensitive: $_REQUEST / $_SESSION, not $_request / $_session
$code = isset($_REQUEST["code"]) ? $_REQUEST["code"] : "";

if (empty($code)) {
    // CSRF protection: keep an unpredictable state value in the session
    $_SESSION['state'] = bin2hex(random_bytes(16));
    $dialog_url = "https://www.facebook.com/dialog/oauth?client_id=" . $app_id
        . "&redirect_uri=" . urlencode($my_url)
        . "&scope=email&state=" . $_SESSION['state'];
    echo("<script> top.location.href='" . $dialog_url . "'</script>");
    exit; // the rest runs only when Facebook redirects back with ?code=
}

// Both values must be present; otherwise an empty state would equal an empty session
if (isset($_REQUEST['state'], $_SESSION['state'])
    && hash_equals($_SESSION['state'], (string) $_REQUEST['state'])) {
    $token_url = "https://graph.facebook.com/oauth/access_token?"
        . "client_id=" . $app_id
        . "&redirect_uri=" . urlencode($my_url)
        . "&client_secret=" . $app_secret
        . "&code=" . urlencode($code);
    $response = file_get_contents($token_url);
    $params = null;
    parse_str($response, $params);
    $graph_url = "https://graph.facebook.com/me?access_token=" . $params['access_token'];
    $user = json_decode(file_get_contents($graph_url));
    echo("hello " . htmlspecialchars($user->name)); // escape provider-supplied text
    // try_register_or_login($user->email);
} else {
    echo("The state does not match. You may be a victim of CSRF.");
}
?>

source: https://developers.facebook.com/docs/authentication/

I have spent far too many hours trying to work this out myself. Any help is much appreciated.

I believe the issue may have to do with crossing domains or potentially how the cookie is set.

For crossing domains, take a look at cross domain cookies

Another possibility is the flags set on the cookie. I had this exact issue when I set the secure flag on the cookie and then tried to access it via a non-secure (http) page. Also, if the httponly flag is set, that will cause problems with JavaScript. You can read about both flags at http://www.php.net/manual/en/function.setcookie.php
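The two causes named in the answer above (host mismatch and the secure flag) can be checked mechanically. The following is an added example, not code from the original post: the function names `session_cookie_problems` and `start_shared_session` and the `example.com` hosts are hypothetical, and it goes one step beyond the page by also setting the SameSite attribute, which likewise decides whether the cookie accompanies the redirect back from the provider.

```php
<?php
// Added example, not from the original post. Host names are constructed.

// Reasons a browser would NOT send a session cookie described by $c
// on a request to $host ($https = true when the page is loaded over https).
function session_cookie_problems(array $c, string $host, bool $https): array
{
    $problems = [];
    $domain = ltrim($c['domain'], '.');
    if ($domain === '') {
        // No Domain attribute: host-only cookie, returned to the setting host only.
        if ($host !== $c['set_by']) {
            $problems[] = "host-only cookie from {$c['set_by']} is not sent to $host";
        }
    } elseif ($host !== $domain && substr($host, -strlen(".$domain")) !== ".$domain") {
        $problems[] = "cookie domain $domain does not cover $host";
    }
    if ($c['secure'] && !$https) {
        $problems[] = 'secure flag is set but the page is loaded over http';
    }
    return $problems;
}

// Session start with explicit cookie parameters (array form needs PHP 7.3+).
function start_shared_session(string $cookieDomain): void
{
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'domain'   => $cookieDomain, // also sent to every subdomain of this name
        'secure'   => true,          // every page, popup callback included, must be https
        'httponly' => true,          // hidden from document.cookie; PHP still receives it
        'samesite' => 'Lax',         // still sent on the top-level redirect back
    ]);
    session_start();
}

// Constructed case: site on www.example.com, popup callback on example.com over http.
$before = ['domain' => '', 'set_by' => 'www.example.com', 'secure' => true];
print_r(session_cookie_problems($before, 'example.com', false));

// Same callback after setting domain=example.com and serving it over https.
$after = ['domain' => 'example.com', 'set_by' => 'www.example.com', 'secure' => true];
print_r(session_cookie_problems($after, 'example.com', true));
```

Calling `start_shared_session('example.com')` in place of a bare `session_start()` on both the main site and the popup callback gives both the same cookie scope; the redirect URL registered with the provider has to use the same scheme and a host inside that domain.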
