Facebook v4a Does Not Completely Logout User

jmaher · December 4, 2017, 3:07pm

Rob, have you received an update from Engineering?

rob · December 4, 2017, 3:49pm

Not yet, I’m re-asking.

vlads · December 4, 2017, 4:26pm

We don’t store any facebook information, just invoking Facebook SDK calls. I will check what is going on there.

jmaher · December 11, 2017, 8:50pm

Vlad, any update on this?

Can you confirm what I’m seeing - that after a user is logged in, then uses Logout, the next Login results in a “Continue” rather than a chance to log in as a different user?

vlads · December 11, 2017, 9:02pm

We do not store any credentials, just call Facebook SDK calls. I do not understand why do you see an issue here, user is logged out of the application, but it is possible that login remains in browser or something like that…

jmaher · December 11, 2017, 10:18pm

Vlad, the problem is that the user is not really logged out - his credentials remain in place, and all he or anyone else has to do is tap Continue. There is no way to allow a different account to be used.

When testing this on a device, as noted in my original post, I made sure the official Facebook app was not installed, and Facebook was not logged in Safari.

It appears the Access Token is actually being cached and reused, even after the Logout call. Besides being annoying, it is also a potential security risk, and goes against Facebook policy, as I linked above.

How do I log out a Facebook user and allow a different Facebook account to be used?

jmaher · December 18, 2017, 5:22pm

Rob and Vlad, I’ll ask again: How do I log out a Facebook user and allow a different Facebook account to be used?

rob · December 18, 2017, 6:43pm

Have you submitted a bug report on this?

jmaher · December 18, 2017, 7:14pm

Rob, no I have not. I wasn’t clear from your and Vlad’s responses whether you considered this a bug, so I wanted to know if there is, in fact, some way to use a different Facebook account or not.

rob · December 18, 2017, 9:41pm

This feels like a bug to me. Can you submit a bug report? You can probably use our sample app as the demo code, just make sure in the description what observations you’re seeing and what your expectations are. You can use the report a bug link at the top of this page.

Rob

jmaher · December 20, 2017, 3:47pm

Submitted Ticket 11987134

rob · December 20, 2017, 7:14pm

Thanks! We have an engineer tasked to the FB plugin, so having this bug report will be helpful.

Rob

vlads · March 6, 2018, 5:24pm

Hello! After long investigation, we confirmed multiple times this is not an issue. If you want to deauthorize your app, you can do:

facebook.request("me/permissions", "DELETE") -- very optional, and not recommended, only to test permission requests! facebook.logout()

Then, start Safari, go to facebook.com, press ☰ in top right, select logout.

If you have facebook app installed, logout there too.

If you have iOS with signed in Facebook account, select Options -> Accounts -> Facebook and logout (this is only for old iOS)

After this, attempt to login would prompt for password.

NOTE: Corona facebook plugins do not store any tokens or login information. Behaviour you’re seeing is intended by Facebook and not only default for facebook iOS SDK, but can not be changed.

Thank you.