-
- 93 Posts
I've been working on integrating Facebook Login with MODX Revo 2.2 over the past couple of days. Everything works fine apart from the case where a user deauthorises or removes my app. Since with Facebook login, logins are persisted between site visits, I need some way to 'boot' a user out - i.e. force logout - setting the active field to 0 isn't enough as they are already logged in when the deauthorisation takes place.
On deauthorisation/removal, I can have Facebook ping a particular URL to give me the id of my user, and I can use that to grab that particular user, but I can't figure out a way of forcing logout. I have tried $user->endSession() without success and also tried removeContext('web'), but it doesn't seem to work, which makes me think I'm not really understanding my user instance.
What am I missing?
-
- 93 Posts
OK, the best I can think of for handling this is to set the user's active field to 0 when Facebook pings my site and then have a plugin that runs on the onhttprequest system event to redirect inactive users to logout.
Is this the only way I'm going to get this done?
-
- 406 Posts
Have MODX find/remove the Facebook cookies associated with all the logins etc.?
-
- 93 Posts
Yes, am doing that, but the user is also logged in via MODX, so when I remove the Facebook session and cookie, the user is still logged in via MODX - pretty sure now the plugin is the only way to go on this.
-
- 93 Posts
Can't use the onHttpRequest event as it doesn't pass in the active user - sigh
-
- 406 Posts
Check and remove the Facebook cookies on the user MODX logout event?
-
- 93 Posts
Tom, the issue is, the user isn't logging out, so the onlogout event never gets fired. I can remove the Facebook session and cookie during the deauthorisation ping - just can't log the user out from MODX.
I think I'm just going to add an uncached snippet to my templates in the 'protected' area of the site to check for inactive users and bounce them - just was hoping there would be something a bit more, hmmm, elegant.
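A sketch of the uncached-snippet check described in the last post, added here as an example and not code from any poster in this thread. The snippet name `bounceInactive` and the `loginId` property are assumptions; it runs inside the visitor's own request, so the session it clears is the visitor's, and it assumes the deauthorisation callback has already set `active` to 0.

```php
<?php
/**
 * Hypothetical uncached snippet "bounceInactive" (name is an assumption),
 * called as [[!bounceInactive? &loginId=`1`]] in the protected templates.
 */
$ctx = $modx->context->get('key');

// Anonymous visitors hold no session in this context: nothing to revoke.
if (!$modx->user || !$modx->user->hasSessionContext($ctx)) {
    return '';
}

// Re-read the account from the database (cache flag off) so a flag changed
// by another request, such as the Facebook ping, is seen on this request.
$fresh = $modx->getObject('modUser', (int) $modx->user->get('id'), false);

if ($fresh === null || !$fresh->get('active')) {
    // Remove this context from the session attached to the visitor's cookie.
    $modx->user->removeSessionContext($ctx);

    // loginId is an assumed snippet property; falls back to the site start.
    $loginId = (int) $modx->getOption(
        'loginId',
        $scriptProperties,
        $modx->getOption('site_start')
    );
    $modx->sendRedirect($modx->makeUrl($loginId, '', '', 'full'));
}

return '';
```

The call must stay uncached (`[[!...]]`) so the check runs on every request to a protected page and is not served from the resource cache.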