Yii Facebook OpenGraph - Authentication Issue

I am having an issue with the php Facebook sdk / opengraph extension. I have read many posts talking about the same kind of issue (Access token invalid, redirect loop etc…) but not any answers can solve my problem.

Briefly, how my project is designed:

This is a Facebook application that is meant to run only with a user logged in Facebook. I have created a Filter that is called every time a page is loaded, to ensure that the content is visible only by Facebook logged users. It should actually behave exactly like the application BranchOut on Facebook.

My issue, and how to reproduce it:

  • I am logged in my application, using the typical login process from Facebook (OAuth, access token)

  • I logout manually on the Facebook page, and then try to do a new action on my application

  • The filter checks if I am logged on Facebook, and because I am not, it redirects me to the Facebook login page.

  • After I login to Facebook again, I get the typical infinite loop between Facebook and my application’s filter.

Here is the code of my filter, preFilter():

$fb_logged = false;



    $user = Yii::app()->facebook->getUser();

    $me = Yii::app()->facebook->api('/me');

    $fb_id = $me['id'];

    $fb_logged = true;


catch (Exception $e)


    $fb_logged = false;




    print_r($fb_id. ' has logged');

    /* Check if user exists on MyApp 

     ... */


// If user NOT logged on FB, send him to the FB login page



    $loginUrl = Yii::app()->facebook->getLoginUrl(array(

                'redirect_uri' => Yii::app()->request->hostInfo . Yii::app()->getRequest()->getUrl() // I have tried many things here.


    echo("<script> top.location.href='" . $loginUrl . "'</script>");



What is exactly happening is that after login on FB, the Filter is called again, because a request to the same URL is made. And at that point, the a call the api(’/me’) generates an exception, because it cannot find any valid access token, and starts looping on it.

I can add that all my configuration is good (seems good), I have checked all my urls, domain name according to Facebook’s app settings. I have also tried many things like redirecting to a new specific URL, but anyway I need to use the filter as well because I want to make sure this is still the same user (or act consequently is the user has changed).

The only thing that works is to redirect the user to a page that has no Filter (no call to api("/me") is done). And then, clicking by hand to a new link in the application (with Filter this time), and there the access token is found. And this is not the behavior I want.

I really hope someone can help me!

Thanks in advance.

similar situation here…

if somebody care to share how they integrated Facebook Auth for a Canvas App… through a Yii filter.



while you are checking the filter if the facebook token is valid ,in case of user out redirect your application to user/logout and destroy the yii session and redirect to the index page. i am showing some example code here. as

 function handleSessionResponse(response) {

                //if we dont have a session (which means the user has been logged out, redirect the user)

                if (!response.authResponse) {

                    window.location = '/user/logout'



                //if we do have a non-null response.session, call FB.logout(),

                //the JS method will log the user out of Facebook and remove any authorization cookies


and user/logout as

 public function actionLogout() {


        $this->redirect(Yii::app()->homeUrl . 'home/index');


this is not the exact code that gonna work in your case but o something like it.