[TIMOB-3025] Android: Facebook.logout called from activity destroy event doesn't (always) succeed in clearing saved session info
| GitHub Issue | n/a |
|---|---|
| Type | Bug |
| Priority | Trivial |
| Status | Closed |
| Resolution | Fixed |
| Resolution Date | 2011-04-17T02:00:42.000+0000 |
| Affected Version/s | n/a |
| Fix Version/s | Release 1.6.0 M08 |
| Components | Android |
| Labels | android, defect, facebook, release-1.6.0, reported-1.6.0 |
| Reporter | Bill Dawson |
| Assignee | Bill Dawson |
| Created | 2011-04-15T03:35:01.000+0000 |
| Updated | 2011-04-17T02:00:42.000+0000 |
Description
Some app developers want to clear the saved Facebook session
information when a user backs out of an app, so that the session
info doesn't automatically get remembered the next time the app is
started. I want to recommend to them that they should use the
destroy event of the root activity, such as in this
example app.js:
Titanium.UI.setBackgroundColor('#000');
Ti.Facebook.appid = "PUT A FACEBOOK APP ID HERE";
var win = Titanium.UI.createWindow({
title:'Test',
backgroundColor:'#fff',
exitOnClose: true
});
Ti.Android.currentActivity.addEventListener('destroy',function(){
Ti.API.info('Root activity destroying');
Ti.Facebook.logout();
});
win.add( Ti.Facebook.createLoginButton({style: 'wide'}) );
win.open();
Run that example and login to Facebook. Then completely back out
of the application. Then go back in to the application --
unfortunately you'll probably see the facebook button still says
"logout", so it thinks it is logged in even though we called
logout() when the user backed out of the app, which is
when destroy occurs (you can see that
logout() really does get called if you watch
logcat.
So what has happened is that the user really is logged out of that Facebook session (the OAuth 2.0 token is no longer valid), but Titanium doesn't know about it, so the login button is screwed up and showing "Logout" instead of "Connect with Facebook".
I think what's happening here is that the relevant Titanium code to clear the saved session info (saved as a private entry in the Android Shared Preferences store) does not run until an Asynchronous call to Facebook's logout API has returned. By the time that Async call is finished, there are no listeners available any more (the user has backed out of the app, the root activity has been destroyed, etc.)
What we need to do is destroy the session info right when
Ti.Facebook.logout() is called, rather than wait for a
return from FB's logout API call. After all, if an app developer
has called .logout(), he wants that session destroyed,
so why wait? This way the destruction of the session occurs
synchronously within the destroy thread.
Commit: https://github.com/appcelerator/titanium_mobile/commit/74e40cd99a92efa3d7e81fcee452b06347a1fad4"> https://github.com/appcelerator/titanium_mobile/commit/74e40cd99a92...
With this change, if you run an app with the above app.js and follow the same steps as described above, when you back out of the app now it'll both logout the FB session "officially" (i.e, via the FB API call) and destroy the session info stored by Titanium. When you go back in, the button will say "Connect with Facebook" (i.e., you'll show as being logged out, which is correct.)
Verified emulator 2.2
(from [74e40cd99a92efa3d7e81fcee452b06347a1fad4]) [#3025 state:fixed-in-qa] destroy fb session info immediately when logout called https://github.com/appcelerator/titanium_mobile/commit/74e40cd99a92efa3d7e81fcee452b06347a1fad4"> https://github.com/appcelerator/titanium_mobile/commit/74e40cd99a92...
That was the agent setting it back to fixed-in-qa. It's still resolved.