jgorset / fandjango

Fandjango makes it really easy to create Facebook applications with Django
MIT License

Check Authenticated #80

Closed dedcode closed 11 years ago

dedcode commented 11 years ago

I noticed that when I log off my Facebook account I can still access all the URLs I have (no Graph call there). How can I force the user to redirect to the authentication page if he's not logged in, throughout the whole website?

Thanks for your help.

jgorset commented 11 years ago

Facebook uses signed requests to authenticate users, which are passed to your application in its initial request. In order to keep the user authenticated without proxying consecutive requests through Facebook (e.g. http://your-server.com/some/path instead of http://apps.facebook.com/your-application/some/path/), Fandjango caches the signed request in a cookie.

It is possible to disable this behaviour with the introduction of FANDJANGO_CACHE_SIGNED_REQUEST in HEAD, but it carries a large overhead. I don't recommend it unless you are absolutely sure you need it.
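The behaviour discussed in this thread, as an added example that is not Fandjango's own code: a signed request is `base64url(HMAC-SHA256 signature) + "." + base64url(JSON payload)` keyed with the app secret, so a copy cached in a cookie verifies locally without asking Facebook whether the user is still logged in. The app secret, the helper names and the `max_age` limit are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import json

APP_SECRET = b"constructed-app-secret"  # constructed sample value, not a real secret


def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_signed_request(payload, secret):
    """Build a constructed sample token: base64url(HMAC) + "." + base64url(JSON)."""
    body = _b64url_encode(json.dumps(payload).encode())
    sig = hmac.new(secret, body.encode(), hashlib.sha256).digest()
    return _b64url_encode(sig) + "." + body


def check_cached_signed_request(token, secret, now, max_age):
    """Return (ok, reason) for a signed request read back from a cookie.
    The HMAC check is local, so it still passes after a Facebook logout;
    only max_age (an assumption of this example) bounds the cached copy."""
    try:
        sig_part, body = token.split(".", 1)
        sig = _b64url_decode(sig_part)
    except ValueError:  # no "." separator or invalid base64
        return False, "malformed"
    expected = hmac.new(secret, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # verify before parsing the payload
        return False, "bad-signature"
    try:
        payload = json.loads(_b64url_decode(body))
    except ValueError:  # invalid base64, UTF-8 or JSON
        return False, "malformed"
    if not isinstance(payload, dict) or payload.get("algorithm") != "HMAC-SHA256":
        return False, "bad-algorithm"
    if "user_id" not in payload:  # user has not authorized the application
        return False, "not-authorized"
    issued = payload.get("issued_at")
    if not isinstance(issued, int) or now - issued > max_age:
        return False, "stale"  # force a fresh round trip through Facebook
    return True, "ok"
```

A view or middleware that receives `(False, "stale")` would redirect to the authorization page, trading the extra round trip for a bounded window in which a logged-out user's cookie is still accepted.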