Facebook v4a Does Not Completely Logout User

Rob, have you received an update from Engineering?

Not yet, I’m re-asking.

We don’t store any Facebook information, just invoking Facebook SDK calls. I will check what is going on there.

Vlad, any update on this?

Can you confirm what I’m seeing - that after a user is logged in, then uses Logout, the next Login results in a “Continue” rather than a chance to log in as a different user?

We do not store any credentials, just call Facebook SDK calls. I do not understand why you see an issue here; the user is logged out of the application, but it is possible that the login remains in the browser or something like that…

Vlad, the problem is that the user is not really logged out - his credentials remain in place, and all he or anyone else has to do is tap Continue. There is no way to allow a different account to be used.

When testing this on a device, as noted in my original post, I made sure the official Facebook app was not installed, and Facebook was not logged in Safari.

It appears the Access Token is actually being cached and reused, even after the Logout call. Besides being annoying, it is also a potential security risk, and goes against Facebook policy, as I linked above.

How do I log out a Facebook user and allow a different Facebook account to be used?

Rob and Vlad, I’ll ask again: How do I log out a Facebook user and allow a different Facebook account to be used?

Have you submitted a bug report on this?

Rob, no I have not. I wasn’t clear from your and Vlad’s responses whether you considered this a bug, so I wanted to know if there is, in fact, some way to use a different Facebook account or not.

This feels like a bug to me. Can you submit a bug report? You can probably use our sample app as the demo code, just make sure in the description what observations you’re seeing and what your expectations are. You can use the report a bug link at the top of this page.

Rob

Submitted Ticket 11987134

Thanks! We have an engineer tasked to the FB plugin, so having this bug report will be helpful.

Rob

Hello! After a long investigation, we confirmed multiple times this is not an issue. If you want to deauthorize your app, you can do:

facebook.request("me/permissions", "DELETE") -- very optional, and not recommended, only to test permission requests!
facebook.logout()

Then, start Safari, go to facebook.com, press ☰ in top right, select logout.

If you have the Facebook app installed, log out there too.

If you have iOS with a signed-in Facebook account, select Options -> Accounts -> Facebook and log out (this is only for old iOS).

After this, an attempt to log in would prompt for a password.

NOTE: Corona Facebook plugins do not store any tokens or login information. The behaviour you’re seeing is intended by Facebook; it is not only the default for the Facebook iOS SDK, but cannot be changed.

Thank you.
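
The logout sequence from the reply above, as an added example that is not part of the original thread and is not Corona's own code: it waits for the optional `me/permissions` DELETE to answer before calling `facebook.logout()`, then checks whether the app still holds an access token, which separates app-side state from the browser session behind the "Continue" prompt. It assumes the v4a plugin is declared in build.settings and that the listener receives the plugin's `fbinit` and `fbconnect` events with `type`, `phase` and `isError` fields; `DEAUTHORIZE_FIRST`, `signOut` and the listener name are hypothetical.

```lua
-- Added example (not from the thread). Corona SDK, plugin.facebook.v4a.
local facebook = require( "plugin.facebook.v4a" )

-- Hypothetical flag: revoking the app's permissions is test-only,
-- as the reply above says. Leave false in production builds.
local DEAUTHORIZE_FIRST = false

local function fbListener( event )
    if event.name == "fbinit" then
        print( "Facebook plugin initialised" )

    elseif event.type == "request" then
        -- Answer to the me/permissions DELETE. Log out either way, but only
        -- now, so the revoke request was sent while the token was valid.
        if event.isError then
            print( "Deauthorize failed: " .. tostring( event.response ) )
        end
        facebook.logout()

    elseif event.type == "session" and event.phase == "logout" then
        -- App-side check: after logout the SDK should hold no token.
        -- This says nothing about the facebook.com cookie in Safari,
        -- which is what produces the "Continue" prompt on the next login.
        local token = facebook.getCurrentAccessToken()
        if token then
            print( "WARNING: access token still present after logout" )
        else
            print( "App-side token cleared; browser session is separate" )
        end
    end
end

facebook.init( fbListener )

-- Hypothetical helper: call this from the app's own "Log out" button.
local function signOut()
    if DEAUTHORIZE_FIRST and facebook.getCurrentAccessToken() then
        -- logout happens in fbListener when the request completes
        facebook.request( "me/permissions", "DELETE" )
    else
        facebook.logout()
    end
end
```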