grimen / devise_facebook_connectable

Devise << Facebook Connect. IMPORTANT: Not maintained anymore.
MIT License

facebook cookie and auto login problems #15

Open bitzesty opened 14 years ago

bitzesty commented 14 years ago

Something weird is going on with fb login. Having removed all my cookies and signed out of both the app and fb, I sometimes get signed in automatically without clicking the fb connect button as a user (and when I try and sign out - I get signed in again as an admin o.0 ).

This occurs across many browsers and different computers (all with cookies cleared) - the only thing that I can think of is it might be an issue with all machines having the same IP address, or a bug with FB connect, or a bug in devise/fb_connectable/facebooker.

I will try upgrading to master and report back.

grimen commented 14 years ago

Not an issue for me, but on the other hand I only have one user model together with an authorization plugin. It would be possible for me to debug if you could reproduce it in a dummy app.

bitzesty commented 14 years ago

It's a facebooker issue by the looks of it - will make a dummy app, but as well as clear_facebook_session_information I had to do this: ::Facebooker::Session.current = nil. Could it be an issue with Thread.current?

http://github.com/mmangino/facebooker/blob/master/lib/facebooker/session.rb#L93

bitzesty commented 14 years ago

Solution: we switched to mongrel cluster. Passenger and thin were still throwing very weird errors.

grimen commented 14 years ago

OK, thanks for the note bitzesty! Did you get a log of those errors?

bitzesty commented 14 years ago

It's hard to log because it looks like there isn't really an error - it's just that the fb session is stored in a thread and is leaking to other connections (therefore you can be logged in as a different user, even without logging in). It's a facebooker issue and I have a +1 on replacing that gem with something else.

Just replying as someone messaged me saying they had the same problem.

Matt

grimen commented 14 years ago

OK, open it up again. I need to review this later on. More of a reminder. Sounds like u say: threading issues with Passenger, etc. I only used it with Mongrel and Heroku so far myself.

bitzesty commented 14 years ago

note: I did also see this issue albeit not as frequently with thin (in production)

nmerouze commented 14 years ago

authlogic_facebook_connect seems to have the same issue http://github.com/kalasjocke/authlogic_facebook_connect/issues#issue/12

grimen commented 14 years ago

Probably same as: http://github.com/grimen/devise_facebook_connectable/issues#issue/18

No solution yet.

bitzesty commented 14 years ago

we're just running in mongrel, not really a fix but it now works

skwp commented 14 years ago

I am seeing this in mongrel also (get automatically logged in). Hope to dive deeper into it to see what the actual problem is.

skwp commented 14 years ago

I am using 0.1.9. That's the only version that would actually work. If you take master devise with master devise_facebook_connectable all you get is a lot of fail :) I couldn't get any combination of versions to work until I went to the sample app and went off of that.. (it contains devise 1.0.3 and dfc 0.1.9)

bitzesty commented 14 years ago

devise master is rails 3 only

skwp commented 14 years ago

I think I tried the various branches that were claimed to be compatible with 2.3. But anyway that's not the point of this discussion, don't want to hijack the thread :)

grimen commented 14 years ago

@skwp: That's an "old" one =) Get the latest (0.2.1) and let me know how it works... http://rubygems.org/gems/devise_facebook_connectable

skwp commented 14 years ago

@grimen ok I'll try to do this tonight and get back to you

mattvanhorn commented 14 years ago

I just ran into this with facebooker 1.0.55 and devise_facebook_connectable 0.2.1 - Apache/Passenger/Rails 2.3.5. Will try facebooker 1.0.69 and see if it helps.

bitzesty commented 14 years ago

just use the new oauth2 api - facebooker is really unstable

mattvanhorn commented 14 years ago

I just got this problem again with the latest versions of everything. Someone made a purchase which got assigned to a different user account. There is definitely a thread-safety issue here somewhere. Going to take the above advice and switch to oauth2.

grimen commented 14 years ago

Yep, Facebooker has some funky bugs (especially with passenger I noticed). Right now I only use this gem for hobby-sites. :) I need to use it soon though, so new Facebook API might be interesting to implement soon.
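
The thread-stored session leak described in this thread, as an added Ruby example (not code from Facebooker, Devise or any commenter): `ThreadSession`, the request hashes and the handler names are hypothetical stand-ins. It shows a reused worker thread handing a previous visitor's identity to cookie-less requests, and the per-request reset that stops it.

```ruby
# Stand-in for a per-thread "current session" slot (hypothetical class, not Facebooker's code).
class ThreadSession
  KEY = :demo_fb_session

  def self.current
    Thread.current[KEY]
  end

  def self.current=(session)
    Thread.current[KEY] = session
  end
end

# Constructed requests: only the first one carries a Facebook cookie.
REQUESTS = [
  { visitor: "alice",       fb_cookie: "uid-alice" },
  { visitor: "anonymous",   fb_cookie: nil },
  { visitor: "anonymous-2", fb_cookie: nil }
].freeze

# Leaky handler: fills the slot when a cookie is present and never clears it.
def handle_leaky(request)
  ThreadSession.current = request[:fb_cookie] if request[:fb_cookie]
  ThreadSession.current # identity the app would sign in
end

# Scoped handler: the slot is rebuilt from this request only and always cleared afterwards.
def handle_scoped(request)
  ThreadSession.current = request[:fb_cookie]
  ThreadSession.current
ensure
  ThreadSession.current = nil
end

# Serve every request on one long-lived thread, as a reused app-server worker would.
def serve(handler)
  Thread.new { REQUESTS.map { |req| [req[:visitor], send(handler, req)] } }.value
end

# Requests that ended up with an identity that does not belong to the visitor.
def leaked_identities(results)
  results.select { |visitor, identity| identity && !identity.end_with?(visitor) }
end

if __FILE__ == $PROGRAM_NAME
  p serve(:handle_leaky)   # both anonymous requests inherit "uid-alice"
  p serve(:handle_scoped)  # anonymous requests get nil
end
```

In a Rails app the same reset belongs in a filter or Rack middleware that wraps every request, so it runs even when the action raises.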