Logged user and Facebook autologin - problem

11 years 5 months ago #50089 by Creatura
Hi,
I have observed a strange problem.

If we have a user logged in with the standard method (login/password) who does not have an account on Facebook, and we click on the button in an article to send feed information to Facebook, we are automatically logged in as the person who is logged in on Facebook, and the comment is added to FB as this person.

For example:
Johny does not have an account on FB, but he is logged in to the site on Tony's computer.
When Johny clicks to share information on FB, the system will automatically log in to Tony's account and post the information to his board. What's more, the user on the site is not switched (Johny is still visible as the user on the site, but all shared information is added to Tony's board).

???
How to fix it?
I think this will be a big problem if two people use one computer.
The topic has been locked.
Support Specialist
11 years 5 months ago #50094 by alzander
What you describe is how JFBConnect and Facebook work. When you click the sharing feature, if you are already logged into Facebook, JFBConnect will simply authenticate that user. Normally, this would present the login popup from Facebook and they would have to approve the prompt, at which point they would realize there may be a problem. If that user has already authenticated with Facebook and is currently logged into Facebook.com, then the login would proceed without a prompt because Facebook doesn't re-prompt a user if they've already granted permissions.

There's not really anything we can do about that since the user is taking the action to share and they need to know what account they're logged into Facebook with. One thing you could do is disable the "Logout of Joomla Only" option in JFBConnect. With that, when a user logs out of your site from the SCLogin module, they will be logged out of Facebook as well. That would make sure the authentication popup appears.

I hope that helps, but if you have any other questions, let me know.

Thanks,
Alex
11 years 5 months ago #50099 by Creatura
Hi Alex,

In my opinion this function should be modified in the future. Unfortunately, I'm not sure if I described this problem clearly (my English is not good).
But I will try to explain what I mean one more time (if you decide that it's OK, just let me know, and I will not ask about this again).

Look,
Johny is using Tony's computer.
When Johny, who does not have an account on FB, is logged in to Joomla or JomSocial, everything is OK.
Then Johny clicks on the button in an article to add a comment to the Facebook wall - he is automatically logged in as Tony, and from this moment every comment, every added photo goes to Tony's FB wall - Johny doesn't even know about this. What's more, Johny is still logged in to Joomla and his icon and user profile are visible, but any comments or any other activity go to Tony's wall.

I know that Johny should know that he does not have an FB account and should not click on the button in the article, but in my opinion the system should block him from this activity. This will be a big problem for the administrator if people add information to others' FB walls.
We can say that people should log out after each use of FB, but we know that they don't do this.

Maybe the solution is to just compare the e-mail address. If the logged-in user has a different e-mail from the one who is logged in on FB, the logged-in user is blocked from adding any activity to the FB wall.

Finally, I think it should work this way:
If a user is logged in, there will be no other possibility to log in as another user at the same time. In my example we have two users logged in at the same time: Johny, who is adding information on the Joomla site, and Tony, who publishes every Johny activity on his FB wall.

Wrrr, in moments like this I'm sad that my English is not good enough to explain this clearly and briefly.... :-) - sorry.

Alex, please let me know if you know what I mean.....

Thank you.
Support Specialist
11 years 5 months ago #50104 by alzander
Your explanation and English are fine. There are some technical issues with what you describe as the solution though.

> Maybe the solution is to just compare the e-mail address. If the logged-in user has a different e-mail from the one who is logged in on FB, the logged-in user is blocked from adding any activity to the FB wall.

Many users use different emails for registrations on site than their social network. We allow users to authenticate with social networks even if their email address is not the same as the account they used when they registered using Joomla. Preventing this would break many sites already out there that rely on the ability for anyone to link their social network account to an existing Joomla account.

> If a user is logged in, there will be no other possibility to log in as another user at the same time. In my example we have two users logged in at the same time: Johny, who is adding information on the Joomla site, and Tony, who publishes every Johny activity on his FB wall.

Right now, we don't support this. We allow users to 'switch' the social network account that their Joomla account is linked to. That's a feature that many users in the past have asked for. While it could cause some issues on shared computers, it's not something that's been reported as a problem by our users before and not something we'd plan to change soon. In your case, if Johnny is using Tony's computer, Tony should log off any sites he doesn't want Johnny to interact with, like Facebook.

I hope that helps explain,
Alex
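The account mismatch discussed in this thread, as an added example that is not part of the thread and is not JFBConnect code: a site-side check that compares the Facebook user ID linked to the site account (rather than the e-mail address) with the Facebook session found in the browser before a share proceeds. The `linkedFacebookId` field, the `decideShare` function and the sample users are assumptions made for illustration; `fbStatus` follows the shape returned by the Facebook JavaScript SDK's `FB.getLoginStatus()`.

```javascript
// Added example: decide what a "share to Facebook" click should do.
// siteUser.linkedFacebookId is a hypothetical field: the Facebook user ID
// linked to the site account, or null when nothing is linked.
function decideShare(siteUser, fbStatus) {
  const connected = Boolean(
    fbStatus && fbStatus.status === 'connected' && fbStatus.authResponse
  );
  if (!connected) {
    // No silent session: the normal Facebook login dialog will be shown.
    return { action: 'login', reason: 'no active Facebook session' };
  }
  const browserFbId = String(fbStatus.authResponse.userID);
  const linked = siteUser.linkedFacebookId;
  if (linked === null || linked === undefined) {
    // Site user never linked Facebook, yet the browser holds a session:
    // show whose account it is and ask before posting anything.
    return { action: 'confirm', reason: 'unlinked site user, existing Facebook session',
             facebookId: browserFbId };
  }
  if (String(linked) !== browserFbId) {
    // Linked to one Facebook account, browser is logged in to another.
    return { action: 'reauthenticate', reason: 'Facebook session differs from linked account' };
  }
  // IDs match; e-mail addresses are deliberately not compared.
  return { action: 'share', reason: 'Facebook session matches linked account' };
}

// Constructed sample data modelled on the thread's Johny/Tony scenario.
const johny = { username: 'johny', email: 'johny@example.test', linkedFacebookId: null };
const tony = { username: 'tony', email: 'tony@site.example.test', linkedFacebookId: '1000001' };
const other = { username: 'other', email: 'other@example.test', linkedFacebookId: '1000002' };
const tonysBrowserSession = { status: 'connected', authResponse: { userID: '1000001' } };
const noSession = { status: 'unknown' };

console.log(decideShare(johny, tonysBrowserSession).action); // confirm
console.log(decideShare(tony, tonysBrowserSession).action);  // share
console.log(decideShare(other, tonysBrowserSession).action); // reauthenticate
console.log(decideShare(johny, noSession).action);           // login
```

Because the comparison uses the linked ID, a user whose site e-mail differs from their Facebook e-mail is still allowed to share, which is the case Alex raises against the e-mail comparison.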