Tom posted on his blog:
[Re: Logging user out of facebook] ...I guess the logout PHP on Facebook get the session or user id out of the browser variable or cookie and then deletes it. I think the only thing we might are able to do is to open a popup or an extra site which logs the user out while the main browser window displays our own login page.Or has anybody another idea to approach this problem?
Google (and other sites) use dynamic javascript to overcome limitations on cross site access. This is done by dynamically adding script tags that point to scripts on other sites. I've briefly tested this concept against your problem by creating test page that generates a dynamic script pointing to the logout.php page. Because script tags normally contain script (go figure), the script tag needs to have it's type attribute set to text/html so that the browser doesn't get confused with the response from the remote server. I don't know how to include a POST parameter with this technique (for the confirm parameter) so this may or may not actually work if that parameter is really required.
You can access the test page at http://www.myfavoriteplaces.org/test/test.html. I'm able to verify that the script runs properly on IE and Firefox on my computer...and that the logout.php does get called. I don't have a facebook account so you'll have to see if this works against an actual logged in user.
Here is a portion of the test.html that creates the dynamic javascript:
Hope this helps.
Comments (2)
POST is not actually a parameter. It is a whole different request type. Dynamic script tags really just GET data.
Posted by Bud Gibson | April 1, 2007 10:25 AM
Posted on April 1, 2007 10:25
Thanks! - We will try using dyncamic JS
Posted by Tom | April 1, 2007 2:37 PM
Posted on April 1, 2007 14:37