Do facebook applications written with the help of FBJS need access to cookies? Say for example, my application just gets the the friends of logged in user into an array.
Do facebook applications written with
the help of FBJS need access to
cookies? Say for example, my
application just gets the the friends
of logged in user into an array.
You don't need cookies there. You can store whatever you want into the session (for temporary storage) or use a database instead. The logical move will be to store users into database in most cases.
Related
I am developing a website and i am having a problem in finding the best solution to maintain user login session.
Currently i am using Html5 web storage "session storage" to store whether user is logged in or not. But problem in this is that this only works in a single tab not across multiple tabs of a browser.
What should i use either Cookies or LocalStorage or i should maintain server side session and check every times a page loads on server whether the user is logged in or not ?
What is the best solution? please guide me.
I am using Node.js and mongodb in the backend and Angular and jquery in frontend.
First thing you must know is that sessions are made only for server-side not for client side. Second thing, if you want your user to not load everytime, try to save the data in user's cookies also don't think about it will require more time to load on server. Because sessions are only made for security purpose and i guess by storing them on client side you are not using that purpose. Also now major question is how to store them on the server side. Suppose your server goes down now all of your sessions will get deleted. Now to avoid that use some external data store like connect-mongo/connect-redis. redis is faster than mongo but if you want to use only memory store then search for memcached/cookie-sessions/jWT hope this answer helps :)
A very simple question which I've seen kinda answers to.
Can you do a facebook login with PHP to authenticate a user and grab information?
Why then is there a JS version?
I just don't understand the difference between the two above options.
My web app will need to gleen the users email address as there will be a mailing list component to signing up for our service.
How do you manage this local information and uniquely identify the user each time they log in from facebook? Do you store their facebook ID?
Thanks
1- Yes - https://developers.facebook.com/docs/reference/php/
2- So you can do it on the client side.
You can get user's email address if you have appropriate permissions.
Yes you store their facebook id and associate users with it.
They both do the same thing, just on different sides: on the server or on the client.
If your authentication process relies heavily on server interaction and you have your server side code ready, use the PHP SDK. It provids you with methods to get the ID from the user. This will be unique so you can store them.
If you want to manage an application flow, say the user needs to give your website certain permissions in order to view something, it can be easy done with the Javascript SDK.
I have a static website without any server side languages.
Is it possible to pass some custom values whenever a user tries to login then get the data back when the user successfully signed in and comes back to my website from facebook?
I've read about signed_request, but that requires PHP.
You're essentially asking if Facebook will store data for you.
Unfortunately, the answer is no. You need some kind of mechanism on your server that can match a Facebook user to the data you need stored.
You could use local storage, but that's obviously local to the browser and prone to tampering.
I wondered if there was a way to login to Facebook via the oAuth (get-request) instead of using the FB.login().
The reason I would complicate the login is because of the FB.logout() problem. It is too cocky to logout someone from Facebook, just because they want to logout from my site. On the other hand, deleting the user from my application*, will prompt them to accept my terms everytime, which also doesn't seem to be very pro.
What I was imaging was:
I get the information needed from the GET-call
I store the session-cookies
I delete them if the user wants to logout
Once I retrieve the userid + access_token, I can get all the other information by simply making the JSON calls (no?).
It also bugs me in general that facebook stores so many cookies (what are they doing?)..
I tried to search this, but no luck this far.
*as proposed in this topic by DMCS: Can't Logout of my Facebook OAuth Session without logging User Out of Facebook
You can use the server side flows which, but you will have to adhere to the same policy.
Either way, it sounds like you are using FB's session data to control the auth state, something which is a very bad idea - you should only use the data provided by Facebook as an initial claim, which you then convert into a local claim with corresponding auth tokens/session cookies etc.
I just want to know can I create registration page with using javascript in html page and store all details to the client-side cookie session or I should have a database to store all information there?
Any help would be appreciated
This has to be server side, in a database. Why would you want to store this on users computers? What would happen if they moved to a different computer or deleted their temporary internet files? You'd cause problems.
Hi there, I just want to know can I create registration page with using javascript in html page and store all details to the client-side cookie session
You could, but then the user would be registering with their browser rather then with your website, which doesn't appear to make sense.
should have a database to store all information there?
Having a server side system which stores information in a database is the standard approach.
If you want to persist your user information and if you want your user be able to login to your application from anywhere, then you should use a server side database and store your registration information.
Yes, you could do that, but it would not provide any kind of security. It would also mean that you lose out on the ability to keep track of your users, unless the cookie is read by the server. Finally, your user's registration would only be valid on their computer, again unless there is a way for them to retrieve their information from the server (which means the server will need to have it).
If it's a HTML5 app you could use the localStorage and sessionStorage Objects to store your info however if the items you are collecting are security sensitive I'd send the info to a database or a protected file on the server. Leaving sensitive info in a cookie isn't wise.
If you're working with passwords, get that stuff into a database and encrypted/salted!