I am trying to implement Facebook login into my WordPress site, but $helper->getSessionFromRedirect() always returns NULL after being redirected from Facebook.
My site has a custom WordPress theme and in my ‘header.php’ I include a file named ‘login.php’ (which contains the Facebook SDK for PHP includes, the login-url, etc.) using the require_once() method.
Everything works just fine when I copy the same code from the ‘login.php’ file into an external non-WordPress file (and change the paths to the includes, not using the WordPress constant WP_CONTENT_DIR of course) and access it directly in my browser. The same code, however, included in my ‘header.php’ will not work, whatever I try.
It will simply not log me in as it can’t create a session.
So simplified, my script works fine, but not as part of my WordPress theme. Any idea what could possibly be the cause that WordPress makes this fail?
- All settings in my Facebook app have been verified, including the trailing slash and the ‘Valid OAuth redirect URIs.’
- When clicking the login-url in WordPress, a session ‘FBRLH_state’ is created, but not the required ‘fb_token.’
- When logged in from the external file, then visiting (not redirected to) the WordPress theme, a session ‘fb_token’ exists and the Facebook user is logged in as expected.
- Redirecting Facebook from the WordPress theme to the external file (and vice versa) also doesn’t work.
Edit: Here is the code snippet:

    define( 'FACEBOOK_SDK_V4_SRC_DIR', '/path/to/facebook-php-sdk/src/Facebook/' );
    require( '/path/to/facebook-php-sdk/autoload.php' );

    // Namespace separators restored; FacebookRequestException is imported
    // because it is caught below.
    use Facebook\FacebookSession;
    use Facebook\FacebookRequest;
    use Facebook\FacebookRequestException;
    use Facebook\FacebookRedirectLoginHelper;
    use Facebook\GraphUser;

    session_start();

    $bln_error = true;
    $redirect_url = 'http://www.example.com/';

    FacebookSession::setDefaultApplication( '************', '********************************' );

    if( isset( $_SESSION['fb_token'] ) ) {
        // create new session from saved access_token
        $session = new FacebookSession( $_SESSION['fb_token'] );
        // validate the access_token to make sure it's still valid
        try {
            if( !$session->validate() ) {
                $session = null;
            }
        } catch ( Exception $e ) {
            // catch any exceptions
            $session = null;
        }
    } else if( isset( $_GET['state'] ) ) {
        // Returning from Facebook: exchange the redirect for a session
        $helper = new FacebookRedirectLoginHelper( $redirect_url );
        try {
            $session = $helper->getSessionFromRedirect();
        } catch( FacebookRequestException $ex ) {
            // When Facebook returns an error
            echo $ex->getMessage();
        } catch( Exception $ex ) {
            // When validation fails or other local issues
            echo $ex->getMessage();
        }
        if ( isset( $session ) && $session ) {
            // Logged in.
            echo 'Logged in.';
            $bln_error = false;
        }
    } else {
        // No token and no redirect in progress: show the login link
        $helper = new FacebookRedirectLoginHelper( $redirect_url, '************', '********************************' );
        $fb_login_url = $helper->getLoginUrl();
        // Escape the URL before writing it into the href attribute
        echo '<a id="fb_link" href="' . htmlspecialchars( $fb_login_url, ENT_QUOTES ) . '">Login with Facebook</a>';
    }

To be even more specific:
The initial $_SESSION['FBRLH_state'] is the same as $_GET['state'] in $fb_login_url before and after the redirect.
After the redirect, $_SESSION['FBRLH_state'] has a new value.
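
The `state` value in the last observation is the anti-CSRF token of the OAuth redirect flow. The following is an added example, not part of the original post and not Facebook SDK code: a small model of how a state check behaves when the stored value changes between issuing the login URL and handling the callback. The function names, the `idp.example` URL and the sample values are assumptions.

```php
<?php
// Model of an OAuth "state" (anti-CSRF) round trip; not Facebook SDK code.
// Function names and idp.example are hypothetical; $store stands in for
// $_SESSION so the script runs from the CLI with constructed values.
const STATE_KEY = 'FBRLH_state'; // session key named in the post

// Issue a fresh random state, store it, return the login URL that carries it.
function issue_login_url(array &$store, string $redirect): string
{
    $store[STATE_KEY] = bin2hex(random_bytes(16));
    return 'https://idp.example/dialog?' . http_build_query([
        'redirect_uri' => $redirect,
        'state'        => $store[STATE_KEY],
    ]);
}

// Accept a callback only if its state equals the stored one (single use).
function callback_is_valid(array &$store, array $query): bool
{
    $expected = $store[STATE_KEY] ?? '';
    unset($store[STATE_KEY]);
    $given = $query['state'] ?? '';
    return $expected !== '' && is_string($given) && hash_equals($expected, $given);
}

// Build the query the provider would send back for a given login URL.
function simulate_callback(string $login_url): array
{
    parse_str((string) parse_url($login_url, PHP_URL_QUERY), $q);
    return ['code' => 'constructed-code', 'state' => $q['state']];
}

$redirect = 'http://www.example.com/';

// Case 1: the link is rendered once, then the callback is checked.
$session = [];
$query = simulate_callback(issue_login_url($session, $redirect));
echo 'single issue:  ', var_export(callback_is_valid($session, $query), true), PHP_EOL;

// Case 2: a second request in the same session renders the link again before
// the callback is checked, so the comparison uses the overwritten state.
$session = [];
$query = simulate_callback(issue_login_url($session, $redirect));
issue_login_url($session, $redirect);
echo 'reissued:      ', var_export(callback_is_valid($session, $query), true), PHP_EOL;
```

Logging the stored and returned state at the point the link is rendered and at the point the callback is handled shows which of the two cases a given request sequence matches.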