Scot Nery - 7 days ago 6
MySQL Question

Using Facebook social login only + php / mysql

I already have people stored in my database with their email addresses. I would like to make it possible for them to click a button and log in to my website with their Facebook profiles only (I don't want to manage passwords).

My guess is I use this code to retrieve an email address from Facebook...
Facebook Login for the Web with the JavaScript SDK

Then, check that email address against my database

Then, save something in their cookies so that they can see the pages of my site.


  • Am I wrong?

  • What do I store in the cookies so that it's secure?


Answer

The idea you've described sounds good in general. Make sure to implement the Facebook login functionality correctly without any security flaws. Make sure you've solved all scenarios described here: https://developers.facebook.com/docs/facebook-login/testing-your-login-flow

Regarding the cookies thing: You should use PHP sessions. Storing login-related data in a cookie is a bad idea as users can change values stored there.

If you decide to use sessions, be aware of all security guidelines and best practices. You can start here: http://stackoverflow.com/a/15596064/6817376
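
The session approach recommended above, as an added example that is not part of the original answer: the server resolves the email from the Facebook access token itself, keeps only the local user id in `$_SESSION`, and the browser holds nothing but the session id cookie. `fetch_verified_email()` is a hypothetical stub for the server-side call to Facebook, the `users` table and token values are constructed, and in-memory SQLite stands in for MySQL so the script runs offline.

```php
<?php
declare(strict_types=1);
// Hypothetical stub: in production the server sends the token from the JS SDK
// to Facebook and returns the email it reports. Constructed value used here.
function fetch_verified_email(string $accessToken): ?string
{
    return $accessToken === 'constructed-valid-token' ? 'alice@example.com' : null;
}

function start_secure_session(): void
{
    // The cookie carries only a random session id; login state stays server-side.
    session_set_cookie_params([
        'lifetime' => 0, 'path' => '/',
        'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
    ]);
    session_start();
}

function log_in(PDO $db, string $accessToken): bool
{
    $email = fetch_verified_email($accessToken);
    if ($email === null) {
        return false; // never accept an email address posted by the browser
    }
    $stmt = $db->prepare('SELECT id FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $id = $stmt->fetchColumn();
    if ($id === false) {
        return false; // Facebook account is not one of the stored users
    }
    session_regenerate_id(true); // new id at login blocks session fixation
    $_SESSION['user_id'] = (int) $id;
    return true;
}

function current_user_id(): ?int
{
    return $_SESSION['user_id'] ?? null;
}

// Constructed data; SQLite in memory stands in for the MySQL users table.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE)');
$db->exec("INSERT INTO users (email) VALUES ('alice@example.com')");
start_secure_session();
$forged = log_in($db, 'forged-token');
$valid = log_in($db, 'constructed-valid-token');
var_dump($forged, $valid, current_user_id());
```

Protected pages then call `start_secure_session()` and refuse the request when `current_user_id()` returns null.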
