I have a tricky situation which I hope to gather opinions / feedbacks / solutions.
I have a website which only utilizes Facebook Login as its authentication mechanism. Here’s my login flow:
[*]User arrives at /site/index
[*]The requested Action runs
to see if the user is logged in.
[*]If a valid facebookid is returned, i use
to retrieve the user.
[*]If facebookid = 0, I create a new User model and save the facebookid in DB
[*]I create a new FacebookUserIdentity (extends CUserIdentity) based on the facebookid and runs the
. The authenticate() checks against the DB for this facebookid and attempt to do a
to ensure the access_token is valid.
[*]I login the user with
Now the problem is, when the user logs out of Facebook, he isn’t logged out of my website because Facebook and my website is maintaining separate session. The CWebUser checks that the user is logged in by checking against the session. In my case, I need to try
in order to ensure a valid login / access_token.
I’m thinking of creating another class where CWebUser checks against session to check against
. But i am not sure where i should start.
My last resort is not to use Yii’s authentication / authorization component and just check with
on every action that requires a valid genuine user login.
I am new with Facebook and Yii… Any help is appreciated.