27

When calling FB.getLoginStatus using a valid Facebook App the response status is always unknown. Exact response is {authResponse: undefined, status: "unknown"}.

<html>
<body>
    <div id="fb-root"></div>

    <script>
    window.fbAsyncInit = function(){
        FB.init({ appId:'1484134468466778', status:true,  cookie:true, xfbml:true});
        FB.getLoginStatus(function(response){
        console.log(response);
        });
    };

    (function(d){
        var js, id = 'facebook-jssdk'; if (d.getElementById(id)) {return;}
        js = d.createElement('script'); js.id = id; js.async = true;
        js.src = "//connect.facebook.net/en_US/all.js";
        d.getElementsByTagName('head')[0].appendChild(js);
    }(document));
    </script>
</body>
</html>


Example URL: http://media.tuentifotos.com/simple_test.html


Here a screenshot of the Facebook App Settings. Facebook App Settings

andyrandy
  • 72,880
  • 8
  • 113
  • 130
Diego Cerdan Puyol
  • 1,134
  • 1
  • 12
  • 13
  • 1
    Firstly, you need not share your App id. You are getting unknown response since you are neither logged in nor authenticated to the app. You need to login using facebook button and then it will show appropriate response. Hope it helps! – Lakshay Dulani Apr 06 '14 at 04:40
  • 3
    @Lakshay The documentation about [getLoginStatus](https://developers.facebook.com/docs/reference/javascript/FB.getLoginStatus/) explain it should return **not_authorized** if the user is logged into Facebook but has not authenticated the application. – Diego Cerdan Puyol Apr 06 '14 at 05:24

11 Answers11

19

This was happening for me in Chrome, and was because Chrome was configured to block third-party cookies and data.

Once I made that configuration change, FaceBook is able to log me into my app without a problem.

  • Chrome Settings
  • Show advanced settings...
  • Privacy
  • Content settings...
  • uncheck Block third-party cookies and site data
Jonathan Hall
  • 75,165
  • 16
  • 143
  • 189
  • I ran into same problem today and this saved me. Thanks – Chetan Dec 15 '15 at 15:28
  • 2
    I have it unchecked, but I'm still getting the same problem – Rockstar5645 Jan 13 '16 at 09:24
  • 22
    How do you know the end user of your code won't have the same problem? Will you advise that everyone who uses your app uncheck that box? – snakeoil Jun 07 '16 at 15:58
  • 1
    He didn't really give enough information for you to know if this is going to be a problem for his end users, or even if he will have any. This did fix my problem, though, which was completely non-end-user-y. – Chris Strickland Jul 07 '18 at 12:47
  • This answer wasn't _exactly_ right for me, but it gave me the clue I needed: namely that something browser-side was the problem. In my case, disabling DuckDuckGo's privacy extension "fixed" the issue; a colleague with the same issue got around it by telling Chrome not to block pop-ups (Settings -> Site Settings -> Pop-ups and redirects, as of Chrome 75). snakeoil's point is well-taken, but at least we know how to get users past this until or unless we have a better fix. – cgrayson Jun 27 '19 at 16:35
6

I too faced this problem in Chrome. However, in Firefox it worked as expected with the status returned as connected when the user had logged in previously.

I found a clue about this from an answer to the similar question here.

The root cause of this issue is, on FB.logout(), Chrome is not removing the cookie fblo_<your-app-id> which is somehow affecting FB.getLoginStatus() function to return unknown

Fix: On calling FB.logout(), you may programmatically delete the cookie fblo_<your-app-id>

FB.logout(function(response) {
  deleteCookie("fblo_" + fbAppId); // fblo_yourFBAppId. example: fblo_444499089231295
});

function deleteCookie(name) {
  document.cookie = name +'=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT;';
}
Nagesh Andani
  • 432
  • 6
  • 12
  • Got to be honest I brushed over this answer - but after looking at all the `fb` cookies I saw that `fblo_xxxx` was set to `y`. After deleting it I was able to refresh the page and got the expected `connected` status for my login. I had been calling `FB.logout()` from the console. Really wonder why this hasn't been fixed. Seems like very undesirable behavior. – Simon_Weaver Dec 04 '17 at 06:40
  • I've faced another issue. You should set correct domain when deleting cookie: ```domain = new RegExp('fbm_' + fbAppId + '=.*base_domain=([^;\\s&]+)').exec(document.cookie); domain = domain[1] || ('.' + document.location.host);``` – Bars Jan 25 '18 at 12:56
  • Use `location.hostname` instead of `location.host` to avoid value to be empty and port number to be included on localhost server: `document.cookie = \`fblo_${appId}=;expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=${location.hostname}\`` – Hao-Cher Hong Jan 26 '19 at 19:11
  • A fellow dev with chrome on Windows did not have this problem . Chrome on Mac did have the problem. Thank you for the answer! – Gavin Palmer Mar 13 '19 at 15:56
4

When I checked, the status is showing "not_authorized" and that's fine, since I've not authorized the app yet.

To complete the flow, you should add the FB.login whenever user id is not authorized or not logged-in to facebook:

window.fbAsyncInit = function(){
    FB.init({ appId:'{APP-ID}', status:true,  cookie:true, xfbml:true});
    FB.getLoginStatus(function(response){
        if (response.status === 'connected') {
           //proceed
        } else if (response.status === 'not_authorized') {
           login();
        } else {
          login();
        }
    });
};

function login(){
   FB.login(function(response) {
      if (response.authResponse) {
         // proceed
      } else {
         // not auth / cancelled the login!
      }
   });
}
marianosimone
  • 3,366
  • 26
  • 32
Sahil Mittal
  • 20,697
  • 12
  • 65
  • 90
4

For me this meant "on my login page" I needed to specify cookies.

  window.fbAsyncInit = function() {
   FB.init({
      version: 'v2.8',
      cookie     : true,
    });
  };

But don't ask me why this was the case. It also fixed it needing to click twice on the login button to actually login, and doesn't even require an appId, seemingly, FWIW...

rogerdpack
  • 62,887
  • 36
  • 269
  • 388
1

The final answer

Ok so I think I've finally figured this damn issue out.

What you need to know:

1) You authenticate with Facebook via an app ID. This sets various cookies, where your app ID is tagged on the end:

  • fblo_000000000000
  • fbm_000000000000
  • fbsr_000000000000

2) If you delete these cookies, you're still authenticated to facebook as a regular user (unless you log out completely). And on Facebook's servers they still know you are authorized on this app.

  • So when you run FB.getLoginStatus() again it will just recreate them and put them back again. This is not what your user expects. This is bad. They clicked 'Log out'.

3) The docs explicitly say this:

The user is either not logged into Facebook or explicitly logged out of your application so it doesn't attempt to connect to Facebook and thus, we don't know if they've authenticated your application or not. (unknown)

So they don't even TRY to check if this cookie is set. That's why you get null or undefined. So the fblo cookie is considered like an 'opt-out'. You're NOT ACTUALLY LOGGED OUT by what any regular person would consider being logged out as to mean. There's just a cookie saying you are! Of course if the user logs back in with the login button then the cookie will be deleted, which is what you and your user wants.

Therefore I believe the only thing that makes sense to do (if you truly need to know the user's status) is to:

  • Manually check the existance of fblo_<APPID> cookie before you run FB.getLoginStatus.
  • If the cookie doesn't exist then do nothing and run your normal flow.
  • If the cookie does exist you have several options :

1) Option 1

Do absolutely nothing. You now understand the issue, you understand not to delete the cookie and perhaps you don't need to do anything other than show the Facebook login button.

2) Option 2

You assume the person is a user of your app, and do whatever you need to do to show the UI. But you won't be running your full normal logic - this will be application specific to you .

3) Option 3

  • Manually set the cookie value fblo_<APPID> to n (instead of 'y'). Remember this cookie is set on your domain so you're allowed to change it. *Depending upon your development environment this will vary, but it needs to be done client side, and you may need to specify path of `/' and your cookie domain).
  • Run the getLoginStatus(..., true) - it will not be blocked now because the cookie is now n. However you must not run your normal logic here - because all you want to do is check if the user is actually a Facebook user and/or still authenticated with your app.
  • Manually set the cookie value back to y

Unfortunately I can't recommend this solution due to weird race conditions. It almost almost works, but FB could deliberately or accidentally break it at any time - and it actually ends up still getting confused thinking you're really logged in when you aren't. Plus it could have all kinds of complications with other plugins I haven't even observed.

I wish the getLoginStatus would just always run and give accurate information, but this is the only true solution I see. And it's been this way for 8 years so I think we're stuck with it.

4) Option 4 - Set your own cookie

  • You always have the option to set your own cookies to indicate certain things, like 'this user has at some point logged into Facebook' or 'this user is authenticated with my app'. But I'm cautious about doing this because it can quickly get complicated.

Incidentally I revisited this issue because I'm using the Messenger plugin for my website and I don't want it to display at all unless I know the person has a Facebook account. So I need an accurate response to login status.

Simon_Weaver
  • 140,023
  • 84
  • 646
  • 689
  • Oh and yes I should add that you need to be super careful about your intent and usage of returned message if your user had previously logged out. I'm ONLY using this to get find out whether or not the current user is authenticated on Facebook.com (at all). I'm not using any of their information that comes back for any other purpose and you probably shouldn't either (remember multiple people share devices and if they've logged out you should respect that). – Simon_Weaver Feb 08 '19 at 00:44
1

This was happening to me until I turn on my browser to allow third-party websites to save and read cookies.

To do this go to 

settings > advanced > site settings > Cookies and site data

Then uncheck the option blocking third-party websites from saving and reading cookies. This might not be a good option but it solves these issues for me. image

Emmanuel David
  • 410
  • 7
  • 17
1

You just need make your site URL from http to https

DO NOT use http

Ian
  • 74
  • 7
0

I had the same issue in IE. Flimzy's answer got me thinking. I tried running IE as administrator and it worked.

Dennis Calla
  • 839
  • 9
  • 10
0

I had the same problem, I fixed this by clearing all cache and cookies.

divyanshu
  • 1
  • 2
    While this might be a valuable hint to solve the problem, a good answer also demonstrates the solution. Please [EDIT](http://stackoverflow.com/posts/5419867/edit) to provide example code to show what you mean. Alternatively, consider writing this as a comment instead – ρяσѕρєя K Jan 16 '17 at 05:57
0

You have to test it from the live domain (which you provided in the app).

I had the same problem when testing locally (using local domain).

magento4u_com
  • 364
  • 2
  • 6
0

In my case I was using Brave browser which didn't allow cookies due to which it was giving status unknown. I switched to chrome and now it is working.

Krissh
  • 328
  • 3
  • 14