Log in | Register
  1. Forum
  3. Discontinued Products
  5. JFBConnect Joomla 1.5 Support (CLOSED)
  7. Security of accounts with multiple users of facebook - Force Password
× Joomla Facebook Connect support forum

Topic-icon Security of accounts with multiple users of facebook - Force Password

Active Subscriptions:

None
15 years 4 months ago #7072 by andybott
I am not sure if this is two problems or one but here goes...

The site I am workng on is a complex ntegration of joomla, jomsocial, agora, K2, and a shop. I am using a heavily modded template using the T3framework ad JAsocial.

I anticpate there to be many users of my site who share a family PC at home, meaning there are possible 3 or 4 facebook users all using a sigle PC. I have been testing the site with two facebook accounts and I have noticed the following.

Even if I log out correctly (either with facebook directly or through my site) I can press the login with facebook button and be automatically logged back in to my site as the last user. This would allow the wrong user to post comments and items to the previous users facebook account. Is there a way to force a facebook password request (like it does the first time) every time I click Login With Facebook.

Second (or possibly the same issue) when I try to "swich" facebook users and log in as another on the same PC i seem to be over writing the old user in the user map. By ths I mean if I log in and link my facebook account 1, it shows correctly in the user map, then I completely log out (of my site and Facebook) and login as user 2, (even with a hardware reboot) it replaces user1 in the user map with user2 username and facebook acc number.


I am so confused.
The topic has been locked.
Support Specialist
15 years 4 months ago #7085 by alzander
You should be confused. That's definitely not the correct behavior, if I'm understanding what you say correctly.

First, and easiest, is check that you have the "Auto Login Facebook Users" and "Log out of Joomla Only" settings int he Login/Logout Redirections area set to No. The 2nd one especially, may help resolve some of your issues by forcing the user out of Facebook when they logout of your site. Please note, this is only if they use the logout button from the JFBCLogin module.

Now, if that doesn't change anything (and it likely won't because I think you may have bigger issues), let me go through how it should work:
Logging out of your site
* User logs into your site through Facebook
* If they logout of your site (and you have Logout of Joomla Only set to no), they should be logged out of Facebook as well. Please try this, and go to Facebook.com to see if you're still logged in.
* If they then click the Login With Facebook button, the pop-up should appear asking for credentials

Logging out of Facebook in the background
* User logs into your site through Facebook
* They go to Facebook.com in another tab, and logout
* User should remain logged into your site (as a Joomla user), but they shouldn't be logged in through Facebook. This can be determined by seeing if the user's profile picture shows in the JFBCLogin module (needs to be enabled to show).
* After logging out of Facebook, you may need to refresh your page a few times for the avatar to dissappear, this is until Faceboook successfully clears your cookie - this shouldn't take more than about 3-4 page-loads

Re-logging in
In all cases, if you're using JFBCLogin, and the username/password fields appear, when you click the Login With Facebook button it should not update the Usermap of a different user. If this is happening, that's not right.
However, if you're logged into Joomla and see a "Reconnect" blue button and use it, that will update the user's mapping. The reconnect feature is meant to allow a different Facebook account to be associated with the currently logged in user. You can disable reconnections in the JFBCLogin parameters.

Hopefully this is a little clear, but I can understand where it might not be. If none of the above works, rings a bell, or makes sense, post (or private message me) your URL so we can see if there is indeed an issue with how JFBConnect is working on your site or if there's just a mis-understanding/mis-configuration.

Thanks!
The topic has been locked.
Active Subscriptions:

None
15 years 4 months ago #7131 by andybott
Thanks for the swift response !
Here are my responses

check that you have the "Auto Login Facebook Users" and "Log out of Joomla Only" settings int he Login/Logout Redirections area set to No. /yes this is the case they have alwas been set to no!

This has not helped

Now, if that doesn't change anything (and it likely won't because I think you may have bigger issues), let me go through how it should work:
Logging out of your site
* User logs into your site through Facebook guess this means they are logged into facebook and then come to my ste and press login with facebook button?
* If they logout of your site (and you have Logout of Joomla Only set to no), they should be logged out of Facebook as well. Please try this, and go to Facebook.com to see if you're still logged in. I have tried this and I am still logged into Facebook after logging out by pressing the logout button in the facebook connect module. I can then click login again and always be logged back in
* If they then click the Login With Facebook button, the pop-up should appear asking for credentials No, as you can see from my notes above, they are smply logged right back in

Logging out of Facebook in the background
* User logs into your site through Facebook I can get this bit working :-)
* They go to Facebook.com in another tab, and logout Done this
* User should remain logged into your site (as a Joomla user), but they shouldn't be logged in through Facebook. This can be determined by seeing if the user's profile picture shows in the JFBCLogin module (needs to be enabled to show). This all happens ! whoo hoo !
* After logging out of Facebook, you may need to refresh your page a few times for the avatar to dissappear, this is until Faceboook successfully clears your cookie - this shouldn't take more than about 3-4 page-loads

Re-logging in
In all cases, if you're using JFBCLogin, and the username/password fields appear, when you click the Login With Facebook button it should not update the Usermap of a different user. If this is happening, that's not right.
However, if you're logged into Joomla and see a "Reconnect" blue button and use it, that will update the user's mapping. The reconnect feature is meant to allow a different Facebook account to be associated with the currently logged in user. You can disable reconnections in the JFBCLogin parameters.

by the way, since turning of the Reconnect Feature of JFBClogin I am now logged out every time I refresh the page. Please help me to sort this. I have sent via PM super user access and urls. please do not publish them. I have used the thread title as the subject of the email.
The topic has been locked.
Support Specialist
15 years 4 months ago #7164 by alzander
Hey Andy/Andrew (?),
I just responded to your PM. I don't think the URL you sent is correct. We'd love to help you get to the bottom of these issues ASAP, and I think looking at the site config is the best way to go about it. Please update that, and we'll be on it.

Thanks!
The topic has been locked.
  1. Forum
  3. Discontinued Products
  5. JFBConnect Joomla 1.5 Support (CLOSED)
  7. Security of accounts with multiple users of facebook - Force Password
From the Blog
Facebook | Twitter | LinkedIn | Blog RSS