Maintain Authentication Session Between Facebook & Application


I have a tricky situation which I hope to gather opinions / feedbacks / solutions.

I have a website which only utilizes Facebook Login as its authentication mechanism. Here’s my login flow:


[*]User arrives at /site/index

[*]The requested Action runs


to see if the user is logged in.


[*]If a valid facebookid is returned, i use


to retrieve the user.

[*]If facebookid = 0, I create a new User model and save the facebookid in DB


[*]I create a new FacebookUserIdentity (extends CUserIdentity) based on the facebookid and runs the


. The authenticate() checks against the DB for this facebookid and attempt to do a

Facebook::api('/me', 'GET')

to ensure the access_token is valid.

[*]I login the user with



Now the problem is, when the user logs out of Facebook, he isn’t logged out of my website because Facebook and my website is maintaining separate session. The CWebUser checks that the user is logged in by checking against the session. In my case, I need to try

Facebook::api('/me', 'GET')

in order to ensure a valid login / access_token.

I’m thinking of creating another class where CWebUser checks against session to check against

Facebook::api('/me', 'GET')

. But i am not sure where i should start.

My last resort is not to use Yii’s authentication / authorization component and just check with

Facebook::api('/me', 'GET')

on every action that requires a valid genuine user login.

I am new with Facebook and Yii… Any help is appreciated.