Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

nodejs/connect middleware that eats facebook cookies that eats, decodes and validates facebook cookies from client FB.login() calls and makes the session available as req.fb_session

branch: master

Fetching latest commit…

Octocat-spinner-32-eaf2f5

Cannot retrieve the latest commit at this time

Octocat-spinner-32 README.markdown
Octocat-spinner-32 _facebook-session-cookie.coffee
Octocat-spinner-32 facebook-session-cookie.js
Octocat-spinner-32 index.js
Octocat-spinner-32 package.json
README.markdown

Facebook Session Cookie

A simple connect middleware that eats Facebook session cookies that were created in the browser using FB.login(). The cookie contains a signed Facebook session. The middleware eats the cookie, validates the signature and exposes the session object as req.fb_session (or null if there is no valid Facebook session). Call getParams(), getId() and getAccessToken() on the fb_session to inspect it. req.fb_session.getParams() returns the full session in this format:

{
  access_token: 'XXX',
  base_domain: 'startupbus.com',
  expires: '0',
  secret: 'XXX',
  session_key: 'XXX',
  uid: '1485453639'
}

Use like this (assuming you're using coffee-script, which is great):

server.use require('facebook-session-cookie')('app_id', 'app_secret', 'domain.com')
server.use (req, res, next) ->
  if req.fb_session
    # hooray, do whatever!
    # probably pull out a user record to match from your db
    # or register a previously unknown user
  else
    # show login page

TODO: Clean up some of the mess that's left from ripping this out of a real project.

Something went wrong with that request. Please try again.