Facebook

Extends the BaseFacebook class with the intent of using PHP sessions to store user ids and access tokens.

Defined (1)

The class is defined in the following location(s).

/facebook/facebook.php  
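  /**
   * Session-backed implementation of BaseFacebook.
   *
   * Persists the authorization code, CSRF state, access token and user id in
   * $_SESSION. When the "sharedSession" option is on, every session key is
   * additionally prefixed with a per-browser ID carried in a cookie, so that
   * several apps sharing one PHP session on the same domain do not read each
   * other's values.
   */
  class Facebook extends BaseFacebook
  {
    // Prefix of the shared-session cookie; the app ID is appended to it.
    const FBSS_COOKIE_NAME = 'fbss';

    // We can set this to a high number because the main session
    // expiration will trump this.
    const FBSS_COOKIE_EXPIRE = 31556926; // 1 year

    // Stores the shared session ID if one is set.
    protected $sharedSessionID;

    /**
     * Identical to the parent constructor, except that
     * we start a PHP session to store the user ID and
     * access token if during the course of execution
     * we discover them.
     *
     * @param array $config the application configuration. Additionally
     * accepts "sharedSession" as a boolean to turn on a secondary
     * cookie for environments with a shared session (that is, your app
     * shares the domain with other apps).
     * @see BaseFacebook::__construct in facebook.php
     */
    public function __construct($config) {
      // Only start a session if the host application has not already done so.
      if (!session_id()) {
        session_start();
      }
      parent::__construct($config);
      if (!empty($config['sharedSession'])) {
        $this->initSharedSession();
      }
    }

    // The only keys the persistent-data methods accept; anything else is
    // logged and ignored so callers cannot write arbitrary session entries.
    protected static $kSupportedKeys =
      array('state', 'code', 'access_token', 'user_id');

    /**
     * Loads the shared session ID from its cookie, or mints a new one.
     *
     * The cookie value is untrusted input. It is accepted only if
     * parseSignedRequest() returns a payload, the payload's domain passes
     * isAllowedDomain() for the current host, and it carries a non-empty
     * string ID. In every other case a fresh ID is generated and a new
     * cookie is issued.
     */
    protected function initSharedSession() {
      $cookie_name = $this->getSharedSessionCookieName();
      if (isset($_COOKIE[$cookie_name])) {
        $data = $this->parseSignedRequest($_COOKIE[$cookie_name]);
        // The ID ends up inside $_SESSION key names, so a missing or
        // non-string value is treated as corrupt rather than used as-is.
        if ($data && !empty($data['domain']) &&
            !empty($data['id']) && is_string($data['id']) &&
            self::isAllowedDomain($this->getHttpHost(), $data['domain'])) {
          // good case
          $this->sharedSessionID = $data['id'];
          return;
        }
        // ignoring potentially unreachable data
      }
      // evil/corrupt/missing case
      $base_domain = $this->getBaseDomain();
      $this->sharedSessionID = self::generateSharedSessionID();
      $cookie_value = $this->makeSignedRequest(
        array(
          'domain' => $base_domain,
          'id' => $this->sharedSessionID,
        )
      );
      // Make the new value visible to the rest of this request as well.
      $_COOKIE[$cookie_name] = $cookie_value;
      if (!headers_sent()) {
        $expire = time() + self::FBSS_COOKIE_EXPIRE;
        // NOTE(review): the cookie is issued without the Secure and HttpOnly
        // flags. If nothing client-side reads it and the site is HTTPS-only,
        // passing them would narrow its exposure - confirm before changing.
        setcookie($cookie_name, $cookie_value, $expire, '/', '.'.$base_domain);
      } else {
        // @codeCoverageIgnoreStart
        self::errorLog(
          'Shared session ID cookie could not be set! You must ensure you '.
          'create the Facebook instance before headers have been sent. This '.
          'will cause authentication issues after the first request.'
        );
        // @codeCoverageIgnoreEnd
      }
    }

    /**
     * Returns a new 32-character hexadecimal shared session ID.
     *
     * Prefers a cryptographically secure source. uniqid() and mt_rand() are
     * derived from the clock and a predictable generator, so they are kept
     * only as a last resort for runtimes that offer nothing better. The
     * output has the same length and alphabet as the md5() value used
     * before, so existing cookies stay valid.
     */
    private static function generateSharedSessionID() {
      if (function_exists('random_bytes')) {
        try {
          return bin2hex(random_bytes(16));
        } catch (Exception $e) {
          // No usable entropy source; fall through to the next option.
        }
      }
      if (function_exists('openssl_random_pseudo_bytes')) {
        $strong = false;
        $bytes = openssl_random_pseudo_bytes(16, $strong);
        if ($bytes !== false && $strong) {
          return bin2hex($bytes);
        }
      }
      // Legacy fallback: not suitable as a secret on its own.
      return md5(uniqid(mt_rand(), true));
    }

    /**
     * Provides the implementations of the inherited abstract
     * methods. The implementation uses PHP sessions to maintain
     * a store for authorization codes, user ids, CSRF states, and
     * access tokens.
     */
    protected function setPersistentData($key, $value) {
      // Strict comparison: a loose in_array() lets non-string keys such as
      // integer 0 match the string entries on older PHP versions.
      if (!in_array($key, self::$kSupportedKeys, true)) {
        self::errorLog('Unsupported key passed to setPersistentData.');
        return;
      }

      $session_var_name = $this->constructSessionVariableName($key);
      $_SESSION[$session_var_name] = $value;
    }

    /**
     * Reads a stored value, or $default when the key is unsupported or
     * nothing has been stored for it.
     */
    protected function getPersistentData($key, $default = false) {
      if (!in_array($key, self::$kSupportedKeys, true)) {
        self::errorLog('Unsupported key passed to getPersistentData.');
        return $default;
      }

      $session_var_name = $this->constructSessionVariableName($key);
      return isset($_SESSION[$session_var_name]) ?
        $_SESSION[$session_var_name] : $default;
    }

    /**
     * Removes the stored value for one supported key.
     */
    protected function clearPersistentData($key) {
      if (!in_array($key, self::$kSupportedKeys, true)) {
        self::errorLog('Unsupported key passed to clearPersistentData.');
        return;
      }

      $session_var_name = $this->constructSessionVariableName($key);
      unset($_SESSION[$session_var_name]);
    }

    /**
     * Removes every supported key from the session and, when a shared
     * session is active, expires its cookie too.
     */
    protected function clearAllPersistentData() {
      // Clear the session entries first: their names depend on the shared
      // session ID, which the cookie deletion does not reset.
      foreach (self::$kSupportedKeys as $key) {
        $this->clearPersistentData($key);
      }
      if ($this->sharedSessionID) {
        $this->deleteSharedSessionCookie();
      }
    }

    /**
     * Drops the shared-session cookie from this request and asks the
     * browser to discard it by re-sending it with an expiry in the past.
     */
    protected function deleteSharedSessionCookie() {
      $cookie_name = $this->getSharedSessionCookieName();
      unset($_COOKIE[$cookie_name]);
      $base_domain = $this->getBaseDomain();
      // Path and domain must match the values used when the cookie was set.
      setcookie($cookie_name, '', 1, '/', '.'.$base_domain);
    }

    /**
     * Cookie name for this app: the FBSS prefix, "_", then the app ID.
     */
    protected function getSharedSessionCookieName() {
      return self::FBSS_COOKIE_NAME . '_' . $this->getAppId();
    }

    /**
     * Builds the $_SESSION key for $key: "fb_<appId>_<key>", prefixed with
     * "<sharedSessionID>_" when a shared session is active.
     */
    protected function constructSessionVariableName($key) {
      $parts = array('fb', $this->getAppId(), $key);
      if ($this->sharedSessionID) {
        array_unshift($parts, $this->sharedSessionID);
      }
      return implode('_', $parts);
    }
  }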