WordPress and Facebook SDK for PHP / getSessionFromRedirect()

I am trying to implement Facebook login into my WordPress site, but $helper->getSessionFromRedirect(); always returns NULL after being redirected from Facebook.

My site has a custom WordPress theme and in my ‘header.php‘ I include a file named ‘login.php‘ (which contains the Facebook SDK for PHP includes, the login-url, etc.) using the require_once() method.


Everything works just fine when I copy the same code from the ‘login.php’ file into an external non-WordPress file (and change the paths to the includes not using WordPress constant WP_CONTENT_DIR of course) and access it directly in my browser. The same code, however, included in my ‘header.php‘ will not work, whatever I try.

It will simply not log me in as it can’t create a session.

So simplified, my script works fine, but not as part of my WordPress theme. Any idea what could possibly be the cause that WordPress makes this fail?

  • All settings in my Facebook app have been verified, including the trailing slash and the ‘Valid OAuth redirect URIs.’
  • When clicking the login-url in WordPress, a session ‘FBRLH_state‘ is created, but not the required ‘fb_token.’
  • When logged in from the external file, then visiting (not redirected to) the WordPress theme, a session ‘fb_token‘ exists and the Facebook user is logged in as expected.
  • Redirecting Facebook from the WordPress theme to the external file (and vice versa) also doesn’t work.

Edit: Here is the code snippet:

define( 'FACEBOOK_SDK_V4_SRC_DIR', '/path/to/facebook-php-sdk/src/Facebook/' );
require( '/path/to/facebook-php-sdk/autoload.php' );

use Facebook\FacebookSession;
use Facebook\FacebookRequest;
use Facebook\FacebookRedirectLoginHelper;
use Facebook\FacebookRequestException;
use Facebook\GraphUser;

session_start();

$bln_error      = true;
$redirect_url   = 'http://www.example.com/';

FacebookSession::setDefaultApplication( '************', '********************************' );

if( isset( $_SESSION['fb_token'] ) ) {

    // create new session from saved access_token
    $session = new FacebookSession( $_SESSION['fb_token'] );

    // validate the access_token to make sure it's still valid
    try {
        if( !$session->validate() ) {
            $session = null;
        }
    } catch ( Exception $e ) {
        // catch any exceptions
        $session = null;
    }

} else if( isset( $_GET['state'] ) ) {

    $helper = new FacebookRedirectLoginHelper( $redirect_url );
    try {
        $session = $helper->getSessionFromRedirect();
    } catch(FacebookRequestException $ex) {
        // When Facebook returns an error
        echo $ex->getMessage();
    } catch(Exception $ex) {
        // When validation fails or other local issues
        echo $ex->getMessage();
    }
    if ( isset( $session ) && $session ) {
    // Logged in.
        echo 'Logged in.';
        $bln_error = false;
    }

} else {

    $helper         = new FacebookRedirectLoginHelper( $redirect_url, '************', '********************************' );
    $fb_login_url   = $helper->getLoginUrl();
    echo '<a id="fb_link" href="' . $fb_login_url . '">Login with Facebook</a>';

}

To be even more specific:

Initial $_SESSION['FBRLH_state'] is the same as $_GET['state'] in $fb_login_url before and after redirect.
After redirect $_SESSION['FBRLH_state'] has a new value.
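
The last observation concerns the OAuth state parameter, which is an anti-CSRF token: a callback is accepted only when the state returned in the URL equals the one saved in the session. The PHP sketch below is an added example (not part of the original post and not the SDK's code; the `$session` array standing in for `$_SESSION` and the key name `oauth_state` are assumptions) showing how issuing a new state before the callback is checked makes a legitimate callback fail.

```php
<?php
// Added illustration, not Facebook SDK code. $session stands in for
// $_SESSION and the key name 'oauth_state' is hypothetical.

// Login-link step: create a fresh random state and remember it.
function issue_state(array &$session): string {
    $state = bin2hex(random_bytes(16));
    $session['oauth_state'] = $state;
    return $state;
}

// Callback step: accept only if the returned state matches the stored one.
// The stored value is consumed so the same callback cannot be replayed.
function verify_state(array &$session, ?string $returned): bool {
    $stored = $session['oauth_state'] ?? null;
    unset($session['oauth_state']);
    return is_string($stored) && is_string($returned)
        && hash_equals($stored, $returned); // constant-time comparison
}

function report(string $label, bool $ok): void {
    printf("%-40s %s\n", $label, $ok ? 'accepted' : 'rejected');
}

// Case 1: the callback is verified before anything issues a new state.
$session = [];
$sent = issue_state($session);      // value placed in the login URL
report('callback verified first', verify_state($session, $sent));

// Case 2: the login-link code runs a second time (for example on an extra
// page load) before the callback is verified, overwriting the stored state.
$session = [];
$sent = issue_state($session);
issue_state($session);              // stored state now differs from $sent
report('state reissued before verification', verify_state($session, $sent));

// Case 3: a callback that carries no state at all must be rejected.
$session = [];
issue_state($session);
report('callback without state', verify_state($session, null));

// Case 4: replaying an already-consumed callback must be rejected.
$session = [];
$sent = issue_state($session);
verify_state($session, $sent);
report('replayed callback', verify_state($session, $sent));
```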
