User Session stays after logoff

Jun 29, 2007 at 7:59 AM
Hi, I have my app working, but when I log out of Facebook and come in as another user, the session from the original user is still there?
How do you clear out that session?

Everything works great if I close out the browser, clear cache, clear session, etc., but why doesn't logging off from Facebook clear it?
What am I missing? Seems like I have a permanent session.

The snippet for the default page:

-----------------
' ApplicationKey and Secret are acquired when you sign up for
_fbService.ApplicationKey = ConfigurationManager.AppSettings("ApplicationKey")
_fbService.Secret = ConfigurationManager.AppSettings("Secret")
_fbService.IsDesktopApplication = False

Dim sessionKey As String = TryCast(Session("facebooksessionkey"), String)
Dim userId As String = TryCast(Session("facebook_userId"), String)
' When the user uses the facebook login page, the redirect back here will have the auth_token in the query params
Dim authToken As String = Request.QueryString("auth_token")

'authToken = "1577c745a4e804f168474032ac44ac81"
' We have already established a session on behalf of this user
If (Not String.IsNullOrEmpty(sessionKey)) Then
    _fbService.SessionKey = sessionKey
    _fbService.UserId = userId
' This will be executed when facebook login redirects to our page
ElseIf (Not String.IsNullOrEmpty(authToken)) Then
    _fbService.CreateSession(authToken)
    Session("facebooksessionkey") = _fbService.SessionKey
    Session("facebook_userId") = _fbService.UserId
    Session("facebooksessionexpires") = _fbService.SessionExpires
' Need to login
Else
    Response.Redirect("http://www.facebook.com/login.php?api_key=" & _fbService.ApplicationKey & "&v=1.0")
End If

-----------

Seems like after I log out and come back to this page, the session is still there.

What am I missing?
Jun 29, 2007 at 8:56 AM
I don't know if this is the right thing to do or not, as I saw the querystring from Facebook come across.
I added this to the top:

If Request("fbsiguser") <> "" Then
    'This is a first time sign in., force redirect.
    'Clear all the other session
    Response.Write(Request.ServerVariables("QUERY_STRING"))
    ' Response.End()

    ' Session.Clear()
    Session("facebooksessionkey") = "" '_fbService.SessionKey
    Session("facebook_userId") = "" '_fbService.UserId
    Session("facebooksessionexpires") = "" ' _fbService.SessionExpires
    Response.Redirect("http://www.facebook.com/login.php?api_key=" & ConfigurationManager.AppSettings("ApplicationKey") & "&v=1.0")
End If

And that seems to work.
It forces the app to call the login page again.

Is there a better way to do this?
Coordinator
Jun 29, 2007 at 2:15 PM
You have the right idea. The issue arises because of the use of session for storing the context across posts. If you changed this to use view state or cookies, it would probably also help.

I was thinking that I should change the iframe canvas base page to use viewstate instead of session to avoid this situation.

Not sure if there is a way to hook into the logout. But you do need to make sure that the logged-in user is the same user that you have a session associated with.
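
The check described in the reply above, as an added example that is not part of the original thread or the toolkit's own code: it compares the cached user id with the one on the current request and clears the cached values on a mismatch. `FacebookSessionGuard`, `SessionBelongsTo` and `requestUserId` are hypothetical names, and the caller is assumed to have already validated the user id it passes in.

```vbnet
Imports System
Imports System.Web.SessionState

' Added example: ties the cached Facebook session to the user on this request.
Public Module FacebookSessionGuard

    ' Session keys as written by the default-page snippet in this thread.
    Private ReadOnly FacebookKeys() As String = _
        {"facebooksessionkey", "facebook_userId", "facebooksessionexpires"}

    ' Returns True only when the cached session may be reused for this request.
    ' requestUserId (hypothetical parameter): the Facebook user id the caller
    ' took from the current request and has already validated (assumption).
    ' Pass Nothing when the request carries no user id.
    Public Function SessionBelongsTo(ByVal session As HttpSessionState, _
                                     ByVal requestUserId As String) As Boolean
        Dim cachedKey As String = TryCast(session("facebooksessionkey"), String)
        Dim cachedUserId As String = TryCast(session("facebook_userId"), String)

        ' Nothing usable is cached: the auth_token / login branches apply.
        If String.IsNullOrEmpty(cachedKey) OrElse String.IsNullOrEmpty(cachedUserId) Then
            Return False
        End If

        ' The request names no user, so there is nothing to compare against.
        If String.IsNullOrEmpty(requestUserId) Then
            Return True
        End If

        If String.Equals(cachedUserId, requestUserId, StringComparison.Ordinal) Then
            Return True
        End If

        ' A different Facebook user is on this browser: remove every cached
        ' value so the previous user's session key cannot be reused.
        For Each key As String In FacebookKeys
            session.Remove(key)
        Next
        Return False
    End Function

End Module
```

Used in place of the `Not String.IsNullOrEmpty(sessionKey)` test in the default page, a mismatch falls through to the `auth_token` or login branch instead of reusing the previous user's session key.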
Jun 30, 2008 at 10:51 PM


ekhanh101 wrote:
I don't know if this is the right thing to do or not, as I saw the querystring from Facebook come across.
I added this to the top:

If Request("fbsiguser") <> "" Then
    'This is a first time sign in., force redirect.
    'Clear all the other session
    Response.Write(Request.ServerVariables("QUERY_STRING"))
    ' Response.End()

    ' Session.Clear()
    Session("facebooksessionkey") = "" '_fbService.SessionKey
    Session("facebook_userId") = "" '_fbService.UserId
    Session("facebooksessionexpires") = "" ' _fbService.SessionExpires
    Response.Redirect("http://www.facebook.com/login.php?api_key=" & ConfigurationManager.AppSettings("ApplicationKey") & "&v=1.0")
End If

And that seems to work.
It forces the app to call the login page again.

Is there a better way to do this?


ekhanh101, how exactly are you using it? What do you mean by 'add it to the top'? Top of what?

I would really like to find out how this works.