Facebook Logout from app without session (user app authorization)

Question

I've been banging my head against a wall with this one for way too long now.

I have a page outside facebook, with a like-button. Because it should be on a public computer, we also need a visible logout-button. When "like" is clicked, the user is prompted for login credentials. If those are ok, the like-event goes through ok. The user then should be able to log out. Which doesn't work.

The like button is now an -element. When clicked, it creates an edge.create-event that I can catch nicely.

For Logout button, i've tried 2 options.

First one:

<fb:login-button autologoutlink="true"></fb:login-button>

problem with this is, the link stays as "login" even after the user has logged in through the like-link, even after page refresh.

and a plain button, that triggers

FB.logout(function(response) {
   cout(response);
});

This returns an error "FB.logout() called without a session." this seems to be because the user hasn't authorized the application. So the application has no rights. Both logout-options work fine IF the user has authorized the application. Problem is, this is only asked when the "login"-button is clicked. In this use case it wouldn't make sense for the user to first login and then click like.

Any ideas how to get the logout to work without getting the app authorization from the user? Or how to make "like"-button in a way that it will ask for the app authorization?

Answer 1

I don't think it is possible.

You can check if somebody is currently logged in to facebook but not your up, that's about the most you can do. If a user is not authorized your app then you can't do anything with their login session (or data).

I don't think you should worry about public computers though, it is facebook's problem after all, not yours. If a user checks "remember me" on a public computer during login then they most likely won't click your logout button either.