Log in | Register
  1. Forum
  3. Discontinued Products
  5. JFBConnect Joomla 1.5 Support (CLOSED)
  7. How is user session managed if using the facebook login?
× Joomla Facebook Connect support forum

Topic-icon How is user session managed if using the facebook login?

Active Subscriptions:

None
13 years 10 months ago #3962 by fb_629250296
Hi all

the user session seems to be managed differently depending on if you login using the JFBC Login form with joomla details or the FB connect button using facebook login

Can you confirm this and if so how they are managed differently?

My situation is that I have a synchronisation plugin which unifies the login for 4 sites, AS LONG AS STANDARD JOOMLA LOGIN PROTOCOLS ARE IMPLEMENTED.

It seems that for JFBC login module, the joomla user login works properly as my synch works fine with it, but that when I use FB Connect button it creates login ok for the site where JDBC is but the synch picks up the FB data and not the Joomla login data.

Can you give me more details of how the FB connect works so I can get the developers of my Synch to properly work?

Thanks in advance

Thomas
The topic has been locked.
Support Specialist
13 years 10 months ago #3966 by alzander
Sure. It actually works using the Joomla authentication and login protocols, so there shouldn't be an issue there, but of course, it is pulling data from elsewhere, which may cause some (easily overcomeable) issues. We haven't tested widely with synchronization plugins, so will need your help (and feedback) through this.

First, ensure that the plugins fire in the correct order.
* For Authentication, if your sync plugin fires, make sure it's after both the Joomla and JFBConnect authentication plugins
* For User, make sure that the ordering is Joomla then JFBConnect, then your sync plugin. Other plugins in between each of these is fine, as long as the chain is maintained.

The user plugin is what provides the Username, Full name, and other information back to the Joomla store in the session. We don't override or manipulate session data directly.

Finally, not sure if you're using "Create New Users" set to yes or no. If yes, the FB user should be treated exactly like a Joomla user. If no, things like password don't exist, since you're authenticating to only an external source (FB). Not sure if your synchronization relies on a password being present, but this could be part of the problem.

Let us know if this explanation helps and/or leads to more questions. Would love to get you going so we can say "Successfully tested with synchronization plugin XXX"

Thanks!
The topic has been locked.
Active Subscriptions:

None
13 years 10 months ago #3974 by fb_629250296
Yeah I would love it to work too!

The plugins are set to fire as you said but it doesnt make a difference.

Basically the reason is that the synchronisation expects to receive Joomla User Details but only gets facebook user id. I have create new users set to yes and the synchronisation actually WORKS when I create the new user on the system using the F Connect button... UNTIL I log out that is... wwhen I log back in with F Connect button it logs me in fine with the site JFBConnect is installed on but no longer synchs with the other sites.

If the JFBConnect module when F Connect button is used only sends the FB ID of the FB user to the JFBConnect component for authentication then I believe thats where the problem lies... as my synch expects the Joomla details and gets just a FB ID number.

This is borne out by fact that something is sent to the other sites but I get username or password error on the other sites even though I successfully log in with JFBConnect on the home site.

What I think I need is a routine for the synchronisation which checks if JFBC is installed and if so runs the query to the JFBC component to get correspoinding username and password from DB

What you think? I uploaded the schema of my sites and also the synch plugin already.

Thomas

If you feel it would help I am on Skype ID ebsikiltimagh

Thanks

Thomas
The topic has been locked.
Support Specialist
13 years 10 months ago #3977 by alzander
Alright, I gotcha. The authentication plugin for JFBConnect actually works by passing your FB API key as the username and FB Secret key as the password. This is done because Facebook doesn't give us a username or password to work with. Once authentication starts, we look up the currently logged in FB User's ID, see if they're in the usermap table, if so, get the Joomla ID for that user, and log them in.

So, I'm assuming you have an authentication plugin that's looking for these username/password values... Hmmm. Even if you can get the correct Joomla ID from the user map, there's no way to get the user's password from the database to use in the 'other' sites to log in. The database has a hash of the password, not the passwords themselves.

Going to have to think about what can be done to help you. A user plugin would be able to fire and grab the username during 'onLoginUser', and from that, you could trigger some events on the other sites to log the user in. The big thing to watch out for is security and ensuring that there's no way someone could circumvent the system to log in as someone else.

Hope this little rambling helps you come up with ideas as well, but unfortunately, no direct solutions here.
The topic has been locked.
  1. Forum
  3. Discontinued Products
  5. JFBConnect Joomla 1.5 Support (CLOSED)
  7. How is user session managed if using the facebook login?
From the Blog
Facebook | Twitter | LinkedIn | Blog RSS