Occasionally I write more geeky posts that I don’t expect all my readers to understand. I’m going to start prefacing those with “Geeky:” so you can know to ignore them in the future. This is obviously one of those, so if the title doesn’t make sense to you, I don’t blame you for skipping over it all.
I have started playing recently with Facebook’s new Open Source Javascript Client Libraries. It has actually been quite fun to work with, in that they separate all the code out in a manner that’s easy to access, read, and understand how it works. Also, if I ever choose, I can host the Javascript files themselves on my own servers and reduce that potential failure point were Facebook’s servers to go down. (granted, you’re still relying on the Facebook API for them to work fully) I can also contribute to the source in the event I feel something might work better (via my own Github fork).
One problem I’ve come across with the new libraries is that they have simplified the Javascript session cookies so that rather than 5 or 6 separate cookies all getting set and needing to be parsed on the client in order to identify the authorized user, only one cookie is set, and can be parsed using simple URI string parsing functions. This is actually a bonus in that there is less work to be done to authorize the user. However, it means any old server-side clients that parse those cookies the old way will also need to be modified. If you don’t modify your server-side client library to recognize the new cookies, your libraries will not be able to authenticate or authorize the user properly.
I needed a solution for the server side that worked well with the new format. The specific code I’m writing is in PHP so it made sense to go with Facebook’s default PHP libraries, and I created a version of facebook.php that worked with the new Javascript SDK. To set it up is simple – just take this file, unzip it, and replace the facebook.php in your default PHP Facebook client library install with the one you just unzipped.
Unfortunately, the file isn’t backwards compatible, so you will need to choose between either the new Open Source Javascript SDK or the old Facebook Javascript Client libraries. This is because if you use the new Javascript SDK when you log the user out it only deletes the new format of session cookie. Your PHP Client Libraries will set the old format if you don’t replace them with the version above.
There may still be a way to make all this backwards compatible, but for my purposes I haven’t had need to look into it. Also, I’ve only tested this for my own use-cases, so there may be bugs. Please send me a patch if you find any bugs and I’ll update my own version of the file. As soon as it’s possible hopefully we can get this into the Facebook version as well. I’m going to also update the Github Wiki for the new Javascript SDK so others can benefit.
Let me know if anything needs to be updated. You can download the zipped facebook.php file here.
Stay N' Alive 
I just came across this. Thanks Jesse, this is excellent work!
Thanks Garrett! Hopefully it helps – let me know if I need to change
anything.
Hi! Thanks for this work!
FYI : I just came across a small bug : l.511 in get_valid_fb_params function
You should replace : if ($fb_params['uid']) { $fb_params['user'] = $fb_params['uid']; }
by : if (array_key_exists('uid',$fb_params) && $fb_params['uid']) { $fb_params['user'] = $fb_params['uid']; }
In my case $fb_params['uid'] didn't exist…
Thank you so much for that – I'll get that fixed and updated.
Hi!
I just come into another small one :
Line 167 in validate_fb_params function :
replace : else if ($_COOKIE['fbs_'.$this->api_key]) {
by : else if (array_key_exists('fbs_'.$this->api_key, $_COOKIE)) {
Same type of issue than the previous one.
And again thanks for you work! The new FB JS lib is just great, but without your PHP library it would be almost useless.
Great job, mate! This doesn't need to be backwards compatible, as the new JS lib isn't backwards compatible either. Once you upgrade to it, you can upgrade this.
One note: there is no more API key it seems, although it is present in your app's control panel, nothing is using it. It's all the APP ID now. Is that right? Took me a little bit of time to figure out.
I think both app id and api key work still. I think they're moving towards
app id though.
I have downloaded your facebook.php and my application didn't work at all.
Yuriy, use the libraries at http://developers.facebook.com – those have been
updated now and are more up-to-date.
I have downloaded your facebook.php and my application didn't work at all.
Great job, mate! This doesn't need to be backwards compatible, as the new JS lib isn't backwards compatible either. Once you upgrade to it, you can upgrade this.
One note: there is no more API key it seems, although it is present in your app's control panel, nothing is using it. It's all the APP ID now. Is that right? Took me a little bit of time to figure out.
I just came across this. Thanks Jesse, this is excellent work!