发表新帖
发表新帖

Possible to find out whether a user is logged into facebook over javascript API?

后端 未结
关注
3 1873
悲&欢浪女
悲&欢浪女 2020-12-05 08:02

This question is not a duplicate of this one.

I don\'t want to know whether the user has authorized my application, but if the user is logged into facebook (complete

相关标签:
3条回答
  • 一生所求
    2020-12-05 08:43

    This article

    https://grepular.com/Abusing_HTTP_Status_Codes_to_Expose_Private_Information

    identifies security risks in Google and Facebook that will allow you to determine if a user is logged in. While no official API exists to check if a user is logged in without that user giving you express permission to access this information, the above article shows how you can 'guess' if a user is logged in or not.

    Note: The article identifies a 'hack' and so is not guaranteed to work in the future, if or when Google & Facebook identify these security risks.

    0 讨论(0)
  • 时光取名叫无心
    2020-12-05 08:57

    There is a non-hack, officially-supported way of doing this for Facebook (I think the last version of the docs was clearer on this point). Using the Javascript SDK, you can do:

    <div id="fb-root"></div>
<script>
  window.fbAsyncInit = function() {

    FB.init({appId: 'YOUR APP ID', status: true, cookie: true,
             xfbml: true});

    FB.getLoginStatus(function(o) { 
       if (!o && o.status) return;
       if (o.status == 'connected') {
          // USER IS LOGGED IN AND HAS AUTHORIZED APP
       } else if (o.status == 'not_authorized') {
          // USER IS LOGGED IN TO FACEBOOK (BUT HASN'T AUTHORIZED YOUR APP YET)
       } else {
          // USER NOT CURRENTLY LOGGED IN TO FACEBOOK
       }
    });

  };

  (function() {
    var e = document.createElement('script'); e.async = true;
    e.src = document.location.protocol +
      '//connect.facebook.net/en_US/all.js';
    document.getElementById('fb-root').appendChild(e);
  }());

</script>

    An aside: if XAuth had caught on, it would be possible to do this in a more universal and supported way for any site supporting that standard.

    0 讨论(0)
  • 故里飘歌
    2020-12-05 08:57

    I also ran into similar requirements and solved my problem with following code; Using the Javascript SDK, I used FB object. FB is a facebook object, it has property called _userStatus, this can be used like following.

    if(FB._userStatus == "connected")
{
// USER IS LOGGED IN AND HAS AUTHORIZED APP 
}
else if(FB._userStatus == "notConnected"){
   // USER IS LOGGED IN TO FACEBOOK (BUT HASN'T AUTHORIZED YOUR APP YET)  
}
else if(FB._userStatus == "unknown")
{
    // USER NOT CURRENTLY LOGGED IN TO FACEBOOK 
}

    The above code is very useful. It can be used in any part of the page as long FB object is not null.

    0 讨论(0)
 看不清?
提交回复
热议问题