Hi all, I''m trying to get a Rails site up and running with Facebook Connect using facebooker. I''ve looked through a couple of the tutorials, and I''m wondering if my understanding of how sessions are supposed to work with facebooker & Facebook connect is completely off. I expected the set_facebook_session before_filter to be able to figure out if I''m already logged in to facebook, and create a facebook_session object if so. Then, I could use the facebook_session information to log the user into my site automatically. Is this even a correct way of thinking about how facebooker''s facebook_session works? If that''s not what it''s used for, then what is the purpose of set_facebook_session? Thanks for your help, Jason
Hi Jason. I''m also working on a rails facebooker app and managed to do the basic integration. I found this tutorial very helpful. It helps you set up your facebook connect app and modify your user handling to automatically log you in if you are already in facebook, and also explains how to link your own user accounts with facebook. It uses the restful_authentication plugin, but it should be gooed even if you are using your own authentication code: http://www.madebymany.co.uk/tutorial-for-restful_authentication-on-rails-with-facebook-connect-in-15-minutes-00523 Feel free to contact me directly with questions. I''m no expert, but it''s always useful to talk with others working on similar projects. Later! Engel A. Sanchez ?Do what you love to do and give it your very best. Whether it''s business or baseball, or the theater, or any field. If you don''t love what you''re doing and you can''t give it your best, get out of it. Life is too short. You''ll be an old man before you know it.? http://evilengel.blogspot.com ----- Original Message ---- From: Jason Brubaker <jbrubaker at cmu.edu> To: facebooker-talk at rubyforge.org Sent: Tuesday, August 18, 2009 9:49:35 AM Subject: [Facebooker-talk] Facebook connect & sessions Hi all, I''m trying to get a Rails site up and running with Facebook Connect using facebooker. I''ve looked through a couple of the tutorials, and I''m wondering if my understanding of how sessions are supposed to work with facebooker & Facebook connect is completely off. I expected the set_facebook_session before_filter to be able to figure out if I''m already logged in to facebook, and create a facebook_session object if so. Then, I could use the facebook_session information to log the user into my site automatically. Is this even a correct way of thinking about how facebooker''s facebook_session works? If that''s not what it''s used for, then what is the purpose of set_facebook_session? Thanks for your help, Jason _______________________________________________ Facebooker-talk mailing list Facebooker-talk at rubyforge.org http://rubyforge.org/mailman/listinfo/facebooker-talk
Hi Jason, They work like so. A user visits your site and wants to login they click the Facebook Connect button and one of two things happen. If the user is already logged into Facebook then they are logged into the application otherwise a popup window appears you supply your Facebook user/pass and are logged into the application. The actual process is when you authenticate with Facebook via FacebookConnect a few facebook cookies are generated and those cookies are stored under the hostname of your app www.myfacebookapp.com or whatever. From those cookies Facebooker can generated a Facebooker::Session, which you can use to simply verify if a user is authenticated with Facebook by checking if facebook_session is not nil or even query the Facebook API for user information with ''facebook_session.user.name''. It can''t verify that you are already logged into Facebook when you visit your application of the first time however. So you''re not automatically logged into any Facebook Connect site by virtue of the fact you''re logged into Facebook. I''m not sure that''s even possible, and if it was it wouldn''t be what user''s expect. set_facebook_session is there to create the facebook_session from the the cookies, indeed it is also used in standard FB applications to generate a Facebooker::Session based on post data to your app and also for Desktop applications. I hope that makes sense. Correct me if this isn''t completely correct. RobL http://www.robl.me Jason Brubaker wrote:> Hi all, > > I''m trying to get a Rails site up and running with Facebook Connect > using facebooker. I''ve looked through a couple of the tutorials, and > I''m wondering if my understanding of how sessions are supposed to work > with facebooker & Facebook connect is completely off. > > I expected the set_facebook_session before_filter to be able to figure > out if I''m already logged in to facebook, and create a > facebook_session object if so. Then, I could use the facebook_session > information to log the user into my site automatically. Is this even a > correct way of thinking about how facebooker''s facebook_session works? > If that''s not what it''s used for, then what is the purpose of > set_facebook_session? > > Thanks for your help, > Jason > _______________________________________________ > Facebooker-talk mailing list > Facebooker-talk at rubyforge.org > http://rubyforge.org/mailman/listinfo/facebooker-talk
Jason, perhaps you could clarify if you mean when the user visits your application directly going to your site outside of facebook (where Rob''s comments below apply), or visit your application within facebook (your app being accessed as a canvas page like a regular non-facebook-connect app), in which case you can automatically log them in. Now, facebook connect app do have indirect access to the facebook domain cookies (they use the facebook domain iframe talking to your cross-domain top level receiver page trick described in the facebook connect docs), so in theory you may be able to log them in like that. In THEORY, I''m only speculating here, sorry. Engel A. Sanchez ?Do what you love to do and give it your very best. Whether it''s business or baseball, or the theater, or any field. If you don''t love what you''re doing and you can''t give it your best, get out of it. Life is too short. You''ll be an old man before you know it.? http://evilengel.blogspot.com ----- Original Message ---- From: Rob Lacey <contact at robl.me> To: Jason Brubaker <jbrubaker at cmu.edu> Cc: facebooker-talk at rubyforge.org Sent: Tuesday, August 18, 2009 11:54:40 AM Subject: Re: [Facebooker-talk] Facebook connect & sessions Hi Jason, They work like so. A user visits your site and wants to login they click the Facebook Connect button and one of two things happen. If the user is already logged into Facebook then they are logged into the application otherwise a popup window appears you supply your Facebook user/pass and are logged into the application. The actual process is when you authenticate with Facebook via FacebookConnect a few facebook cookies are generated and those cookies are stored under the hostname of your app www.myfacebookapp.com or whatever. From those cookies Facebooker can generated a Facebooker::Session, which you can use to simply verify if a user is authenticated with Facebook by checking if facebook_session is not nil or even query the Facebook API for user information with ''facebook_session.user.name''. It can''t verify that you are already logged into Facebook when you visit your application of the first time however. So you''re not automatically logged into any Facebook Connect site by virtue of the fact you''re logged into Facebook. I''m not sure that''s even possible, and if it was it wouldn''t be what user''s expect. set_facebook_session is there to create the facebook_session from the the cookies, indeed it is also used in standard FB applications to generate a Facebooker::Session based on post data to your app and also for Desktop applications. I hope that makes sense. Correct me if this isn''t completely correct. RobL http://www.robl.me Jason Brubaker wrote:> Hi all, > > I''m trying to get a Rails site up and running with Facebook Connect using facebooker. I''ve looked through a couple of the tutorials, and I''m wondering if my understanding of how sessions are supposed to work with facebooker & Facebook connect is completely off. > > I expected the set_facebook_session before_filter to be able to figure out if I''m already logged in to facebook, and create a facebook_session object if so. Then, I could use the facebook_session information to log the user into my site automatically. Is this even a correct way of thinking about how facebooker''s facebook_session works? If that''s not what it''s used for, then what is the purpose of set_facebook_session? > > Thanks for your help, > Jason > _______________________________________________ > Facebooker-talk mailing list > Facebooker-talk at rubyforge.org > http://rubyforge.org/mailman/listinfo/facebooker-talk_______________________________________________ Facebooker-talk mailing list Facebooker-talk at rubyforge.org http://rubyforge.org/mailman/listinfo/facebooker-talk
Hi Engel, Thanks for the reply. I have been working from that tutorial -- it''s been helpful, but not very specific about WHY things work. I''ll definitely keep you in mind if I have a specific question later on. Thanks again, Jason Brubaker Engel Sanchez wrote:> Hi Jason. I''m also working on a rails facebooker app and managed to do the basic integration. I found this tutorial very helpful. It helps you set up your facebook connect app and modify your user handling to automatically log you in if you are already in facebook, and also explains how to link your own user accounts with facebook. It uses the restful_authentication plugin, but it should be gooed even if you are using your own authentication code: > > http://www.madebymany.co.uk/tutorial-for-restful_authentication-on-rails-with-facebook-connect-in-15-minutes-00523 > > Feel free to contact me directly with questions. I''m no expert, but it''s always useful to talk with others working on similar projects. Later! > > Engel A. Sanchez > > > ?Do what you love to do and give it your very best. Whether it''s business or baseball, or the theater, or any field. If you don''t love what you''re doing and you can''t give it your best, get out of it. Life is too short. You''ll be an old man before you know it.? > > > http://evilengel.blogspot.com > > > > ----- Original Message ---- > From: Jason Brubaker <jbrubaker at cmu.edu> > To: facebooker-talk at rubyforge.org > Sent: Tuesday, August 18, 2009 9:49:35 AM > Subject: [Facebooker-talk] Facebook connect & sessions > > Hi all, > > I''m trying to get a Rails site up and running with Facebook Connect using facebooker. I''ve looked through a couple of the tutorials, and I''m wondering if my understanding of how sessions are supposed to work with facebooker & Facebook connect is completely off. > > I expected the set_facebook_session before_filter to be able to figure out if I''m already logged in to facebook, and create a facebook_session object if so. Then, I could use the facebook_session information to log the user into my site automatically. Is this even a correct way of thinking about how facebooker''s facebook_session works? If that''s not what it''s used for, then what is the purpose of set_facebook_session? > > Thanks for your help, > Jason > _______________________________________________ > Facebooker-talk mailing list > Facebooker-talk at rubyforge.org > http://rubyforge.org/mailman/listinfo/facebooker-talk > > > > > >
Hi Rob, Thank you for the explanation. I''m not sure why I expected that if I was logged into Facebook that I wouldn''t have to log into my site (as long as I had previously connected the two). Anyway, your explanation makes a lot of sense, and I appreciate you taking the time to set me straight. Regards, Jason Brubaker Rob Lacey wrote:> Hi Jason, > > They work like so. A user visits your site and wants to login they > click the Facebook Connect button and one of two things happen. If the > user is already logged into Facebook then they are logged into the > application otherwise a popup window appears you supply your Facebook > user/pass and are logged into the application. > > The actual process is when you authenticate with Facebook via > FacebookConnect a few facebook cookies are generated and those cookies > are stored under the hostname of your app www.myfacebookapp.com or > whatever. From those cookies Facebooker can generated a > Facebooker::Session, which you can use to simply verify if a user is > authenticated with Facebook by checking if facebook_session is not nil > or even query the Facebook API for user information with > ''facebook_session.user.name''. > > It can''t verify that you are already logged into Facebook when you > visit your application of the first time however. So you''re not > automatically logged into any Facebook Connect site by virtue of the > fact you''re logged into Facebook. I''m not sure that''s even possible, > and if it was it wouldn''t be what user''s expect. > > set_facebook_session is there to create the facebook_session from the > the cookies, indeed it is also used in standard FB applications to > generate a Facebooker::Session based on post data to your app and also > for Desktop applications. > > I hope that makes sense. Correct me if this isn''t completely correct. > > RobL > http://www.robl.me > > > > Jason Brubaker wrote: >> Hi all, >> >> I''m trying to get a Rails site up and running with Facebook Connect >> using facebooker. I''ve looked through a couple of the tutorials, and >> I''m wondering if my understanding of how sessions are supposed to >> work with facebooker & Facebook connect is completely off. >> >> I expected the set_facebook_session before_filter to be able to >> figure out if I''m already logged in to facebook, and create a >> facebook_session object if so. Then, I could use the facebook_session >> information to log the user into my site automatically. Is this even >> a correct way of thinking about how facebooker''s facebook_session >> works? If that''s not what it''s used for, then what is the purpose of >> set_facebook_session? >> >> Thanks for your help, >> Jason >> _______________________________________________ >> Facebooker-talk mailing list >> Facebooker-talk at rubyforge.org >> http://rubyforge.org/mailman/listinfo/facebooker-talk > >
On Aug 18, 2009, at 2:22 PM, Jason Brubaker wrote:> Hi Rob, > > Thank you for the explanation. I''m not sure why I expected that if I > was logged into Facebook that I wouldn''t have to log into my site > (as long as I had previously connected the two).Actually, that is the case, rob was talking about the *very* first time you visit the site, and haven''t previously approved it. You shouldn''t have to click the connect button if you''re logged into facebook and have previously approved the connect app. A good demo is the runaround, try logging-in+approving, logging out, logging into facebook and returning: http://www.somethingtoputhere.com/therunaround/ The following explanation could really use a visual diagram, but here''s the rough sequence, assuming you''re logged into facebook and visit a site that you''ve previously approved: 1) load page (with FBML) 2) page calls the FB.Facebook.init(api_key,xd_receiver_file) on the client side (use the init_fb_connect helper) 3) the client side knows about the facebook session, but the page has already loaded 4) load new page 5) facebook cookies are set, and facebook_session is available on the server side 6) do whatever you want with the facebook session in your view So the takeaway is that you will auto-login on the 2nd page load. You can automate step 4 with a callback in step 2, for example try including the following somewhere near the bottom of your page: <% init_fb_connect do %> <% if !logged_in? %> <%= "location.reload()"%> <% end %> <% end %> That would do a full page reload if the facebook session is available and the user isn''t logged in on the server side, assuming you have a logged_in? helper function. Not the most elegant solution, but this should get you started - add whatever callback you want in the init_fb_connect block. - kevin> Anyway, your explanation makes a lot of sense, and I appreciate you > taking the time to set me straight. > > Regards, > Jason Brubaker > > Rob Lacey wrote: >> Hi Jason, >> >> They work like so. A user visits your site and wants to login they >> click the Facebook Connect button and one of two things happen. If >> the user is already logged into Facebook then they are logged into >> the application otherwise a popup window appears you supply your >> Facebook user/pass and are logged into the application. >> >> The actual process is when you authenticate with Facebook via >> FacebookConnect a few facebook cookies are generated and those >> cookies are stored under the hostname of your app www.myfacebookapp.com >> or whatever. From those cookies Facebooker can generated a >> Facebooker::Session, which you can use to simply verify if a user >> is authenticated with Facebook by checking if facebook_session is >> not nil or even query the Facebook API for user information with >> ''facebook_session.user.name''. >> >> It can''t verify that you are already logged into Facebook when you >> visit your application of the first time however. So you''re not >> automatically logged into any Facebook Connect site by virtue of >> the fact you''re logged into Facebook. I''m not sure that''s even >> possible, and if it was it wouldn''t be what user''s expect. >> >> set_facebook_session is there to create the facebook_session from >> the the cookies, indeed it is also used in standard FB applications >> to generate a Facebooker::Session based on post data to your app >> and also for Desktop applications. >> >> I hope that makes sense. Correct me if this isn''t completely correct. >> >> RobL >> http://www.robl.me >> >> >> >> Jason Brubaker wrote: >>> Hi all, >>> >>> I''m trying to get a Rails site up and running with Facebook >>> Connect using facebooker. I''ve looked through a couple of the >>> tutorials, and I''m wondering if my understanding of how sessions >>> are supposed to work with facebooker & Facebook connect is >>> completely off. >>> >>> I expected the set_facebook_session before_filter to be able to >>> figure out if I''m already logged in to facebook, and create a >>> facebook_session object if so. Then, I could use the >>> facebook_session information to log the user into my site >>> automatically. Is this even a correct way of thinking about how >>> facebooker''s facebook_session works? If that''s not what it''s used >>> for, then what is the purpose of set_facebook_session? >>> >>> Thanks for your help, >>> Jason >>> _______________________________________________ >>> Facebooker-talk mailing list >>> Facebooker-talk at rubyforge.org >>> http://rubyforge.org/mailman/listinfo/facebooker-talk >> >> > > _______________________________________________ > Facebooker-talk mailing list > Facebooker-talk at rubyforge.org > http://rubyforge.org/mailman/listinfo/facebooker-talk
Hi Kevin, Ah, that makes sense. I should have assumed there would be some cookie issues that needed to be worked out on the client side. Thank you for the explanation & code sample! - Jason Brubaker kevin lochner wrote:> On Aug 18, 2009, at 2:22 PM, Jason Brubaker wrote: > >> Hi Rob, >> >> Thank you for the explanation. I''m not sure why I expected that if I >> was logged into Facebook that I wouldn''t have to log into my site (as >> long as I had previously connected the two). > > Actually, that is the case, rob was talking about the *very* first > time you visit the site, and haven''t previously approved it. You > shouldn''t have to click the connect button if you''re logged into > facebook and have previously approved the connect app. A good demo is > the runaround, try logging-in+approving, logging out, logging into > facebook and returning: > > http://www.somethingtoputhere.com/therunaround/ > > The following explanation could really use a visual diagram, but > here''s the rough sequence, assuming you''re logged into facebook and > visit a site that you''ve previously approved: > > 1) load page (with FBML) > 2) page calls the FB.Facebook.init(api_key,xd_receiver_file) on the > client side (use the init_fb_connect helper) > 3) the client side knows about the facebook session, but the page has > already loaded > 4) load new page > 5) facebook cookies are set, and facebook_session is available on the > server side > 6) do whatever you want with the facebook session in your view > > So the takeaway is that you will auto-login on the 2nd page load. You > can automate step 4 with a callback in step 2, for example try > including the following somewhere near the bottom of your page: > > <% init_fb_connect do %> > <% if !logged_in? %> > <%= "location.reload()"%> > <% end %> > <% end %> > > That would do a full page reload if the facebook session is available > and the user isn''t logged in on the server side, assuming you have a > logged_in? helper function. Not the most elegant solution, but this > should get you started - add whatever callback you want in the > init_fb_connect block. > > - kevin > > > >> Anyway, your explanation makes a lot of sense, and I appreciate you >> taking the time to set me straight. >> >> Regards, >> Jason Brubaker >> >> Rob Lacey wrote: >>> Hi Jason, >>> >>> They work like so. A user visits your site and wants to login they >>> click the Facebook Connect button and one of two things happen. If >>> the user is already logged into Facebook then they are logged into >>> the application otherwise a popup window appears you supply your >>> Facebook user/pass and are logged into the application. >>> >>> The actual process is when you authenticate with Facebook via >>> FacebookConnect a few facebook cookies are generated and those >>> cookies are stored under the hostname of your app >>> www.myfacebookapp.com or whatever. From those cookies Facebooker can >>> generated a Facebooker::Session, which you can use to simply verify >>> if a user is authenticated with Facebook by checking if >>> facebook_session is not nil or even query the Facebook API for user >>> information with ''facebook_session.user.name''. >>> >>> It can''t verify that you are already logged into Facebook when you >>> visit your application of the first time however. So you''re not >>> automatically logged into any Facebook Connect site by virtue of the >>> fact you''re logged into Facebook. I''m not sure that''s even possible, >>> and if it was it wouldn''t be what user''s expect. >>> >>> set_facebook_session is there to create the facebook_session from >>> the the cookies, indeed it is also used in standard FB applications >>> to generate a Facebooker::Session based on post data to your app and >>> also for Desktop applications. >>> >>> I hope that makes sense. Correct me if this isn''t completely correct. >>> >>> RobL >>> http://www.robl.me >>> >>> >>> >>> Jason Brubaker wrote: >>>> Hi all, >>>> >>>> I''m trying to get a Rails site up and running with Facebook Connect >>>> using facebooker. I''ve looked through a couple of the tutorials, >>>> and I''m wondering if my understanding of how sessions are supposed >>>> to work with facebooker & Facebook connect is completely off. >>>> >>>> I expected the set_facebook_session before_filter to be able to >>>> figure out if I''m already logged in to facebook, and create a >>>> facebook_session object if so. Then, I could use the >>>> facebook_session information to log the user into my site >>>> automatically. Is this even a correct way of thinking about how >>>> facebooker''s facebook_session works? If that''s not what it''s used >>>> for, then what is the purpose of set_facebook_session? >>>> >>>> Thanks for your help, >>>> Jason >>>> _______________________________________________ >>>> Facebooker-talk mailing list >>>> Facebooker-talk at rubyforge.org >>>> http://rubyforge.org/mailman/listinfo/facebooker-talk >>> >>> >> >> _______________________________________________ >> Facebooker-talk mailing list >> Facebooker-talk at rubyforge.org >> http://rubyforge.org/mailman/listinfo/facebooker-talk > >