问题
The two different API code for Facebook, Google+ and Twitter is located in three respective different folders: "facebook" folder for the Facebook API, "twitter" folder for Twitter and "google_plus".
I'm trying to allow people to log on through Twitter and access the application, and give them the option to also log on through Facebook after logging on through Twitter and keep the twitter-based data after they logged through Facebook. I would basically like them to be able to view both their Twitter and Facebook feeds and other data mixed together at the same time.
I tried to implement sessions, but it looks like if they log through Facebook after logging through Twitter first, the Twitter session variable content become NULL and only Facebook session data is displayed. How can I manipulate the sessions so that Twitter session data can be kept when a user log through Facebook as well?
Below is what I did to test the data:
session_start();
require('../database/connection.php');
require_once('../twitter/twitteroauth/twitteroauth.php');
require_once('../twitter/config.php');
include_once '../facebook/fbmain.php';
Here I'll test the $_SESSION variable to see if twitter data is kept after a user logs through Facebook as well .. but Twitter data become NULL instead and the $_SESSION array only show Facebook data .. How can I make Twitter session data STAY after someone logs through Facebook as well ?
var_dump($_SESSION); var_dump(session_id()); // twitter session data gets overriden by facebook data although the variable names are different ..
/* If access tokens are not available redirect to connect page. */
if (empty($_SESSION['facebook_id']) && (empty($_SESSION['access_token']['oauth_token']) || empty($_SESSION['access_token']['oauth_token_secret']))) {
header('Location: ./clearsessions.php');
}
else {
/* Get user access tokens out of the session. */
$access_token = $_SESSION['access_token'];
/* Create a TwitterOauth object with consumer/user tokens. */
$connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET, $access_token['oauth_token'], $access_token['oauth_token_secret']);
/* If method is set change API call made. Test is called by default. */
$content = $connection->get('account/verify_credentials');
$json = json_encode($content);
$data = json_decode($json,true);
$screen_name = $data["screen_name"];
$name = $data["name"];
$image_url = $data['profile_image_url'];
$_SESSION['screen_name'] = $screen_name;
$_SESSION['image_url'] = $image_url;
$query = "SELECT * FROM Users WHERE username ='$screen_name'";
$result = mysql_query($query);
$result_count = mysql_num_rows($result);
if($result_count == 0) {
$insert = "INSERT INTO Users(username) VALUES('$screen_name')";
$result_insert = mysql_query($insert);
}
}
if(isset($_SESSION['oauth_token']) && isset($_SESSION['oauth_token_secret']) && isset($_SESSION['facebook_id'])){
$user = $_SESSION['facebook_id'];
}
?>
回答1:
After debugging his application it turned out his Facebook was setup to redirect to his www subdomain, while Twitter was setup to redirect to no subdomain. The session was lost since the cookie was issued on a strict basis.
So after logging in via Facebook the user was taken to www which issued one session/cookie, after logging via Twitter the user was taken to plain domain, where a completely different session/cookie was being issued/presented.
Solutions to the problem:
- Wildcard cookie
session_set_cookie_params( 0, '/', '.mywebsite.com' ); - Better solution - don't mix and match subdomains, set one canonical URL and stick to it.
来源:https://stackoverflow.com/questions/20052818/how-to-keep-twitter-api-session-alive-after-logging-through-facebook-api