2

I'm currently using Facebook authentication through OmniAuth, and I was thinking about the user's privacy preference.

In a traditional login form we can have a "Remember Me" option, but seems weird to put it alongside a Facebook login button. (since one reason for FB login is 'one-click' logins)

So what would the best practice be - to automatically remember the login or not?

Alternatively, is there a way to make it such that if the user is logged out of the Facebook, he is logged out of the app as well?

Thilo
  • 17,565
  • 5
  • 68
  • 84
Daniel
  • 1,515
  • 3
  • 10
  • 13
  • Is this a step in the right direction? https://github.com/intridea/omniauth/wiki/Completely-Log-Out-From-Facebook I usually see sites that use facebook authentication log me out when I log out from facebook. – Devin M Aug 05 '11 at 18:04
  • I saw that but didn't quite understand it - I think what he's doing is he's logging out of Facebook through his Rails App. (I'll give it a go when I get the chance) If my understanding is correct, OmniAuth is only using the facebook login credentials when the user first logs in, and this doesn't trigger on return visits, since the user session is already created. – Daniel Aug 05 '11 at 18:19
  • If you look at the devise wiki page for omniauth it does look like you are correct and a session is created. I would have the site remember the user for a set amount of time and then sign them out. – Devin M Aug 05 '11 at 18:35

1 Answers1

0

not quite answering the original question, but I ended up having the session follow Facebook's (such that if user is logged out of FB, should be logged out of my app)

accomplished this through the Javascript SDK, checking if the user is logged in and destroying the session if he's not.

reference: Possible to find out whether a user is logged into facebook over javascript API?

Community
  • 1
  • 1
Daniel
  • 1,515
  • 3
  • 10
  • 13