I'm kind of intrigued by how Facebook manages the user session in their different web apps (Facebook and Messenger). When I enter the Messenger web app, it knows that I'm logged in to Facebook and lets me use the app. I want to know which technologies would let me achieve that (Redis maybe?) or how they can share the same session.
messenger.com makes an AJAX request to facebook.com and gets the information on whether the user is logged in there or not.
Once you are authenticated in messenger.com, you have a new session which is independent of the facebook.com session.
The request which is made can be seen in the Network tab from the developer tools:
POST https://www.facebook.com/login/async_sso/messenger_dot_com/?dpr=1&__a=1
This endpoint allows messenger.com to make cross-origin requests (because of this response header):
access-control-allow-origin: https://www.messenger.com
In the X-Auth-Result header, the information about your Facebook account is sent in base64, and it's parsed using JSON.parse(atob(...)).
For example, mine looked like this:
X-Auth-Result: eyJ1c2VyaWQiOi....sd1EifQ==
Then they do:
var n = m.getResponseHeader('X-Auth-Result');
if (n) {
    var o = JSON.parse(atob(n));
    c('Arbiter').inform('messengerdotcom_fb_session_info', o);
}
o will look like this, in my case:
{
    "userid": "1000....756",
    "name": "Ionică Bizău",
    "secret": "P0....r",
    "persistent": true,
    "initial_request_id": "AfU...lwQ"
}
And then, they finally can display your full name in the button.
When the user is not logged in, Facebook sends a userid: "0" back:
{
    "userid": "0",
    "initial_request_id": "A6...YOd"
}
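Both sides of the check described in this answer, as an added example that is not part of the original answer and is not Facebook's code. The function names and the UTF-8 payload encoding are assumptions; `Access-Control-Allow-Credentials`, `Access-Control-Expose-Headers` and `Vary` are the standard CORS headers a credentialed cross-origin read of a custom header requires, not values taken from the page.

```javascript
// Hypothetical names throughout; constructed sample data only.
const ALLOWED_ORIGINS = new Set(['https://www.messenger.com']); // exact match, no patterns

// Server side: headers the SSO-check endpoint returns for a given Origin.
// `session` is the session resolved from the identity site's cookie, or null.
function buildSsoHeaders(requestOrigin, session) {
  if (!ALLOWED_ORIGINS.has(requestOrigin)) {
    return {}; // no CORS headers: the browser keeps the response from that page
  }
  const payload = session
    ? { userid: session.userid, name: session.name }
    : { userid: '0' }; // "0" signals "not logged in", as in the answer
  return {
    'Access-Control-Allow-Origin': requestOrigin, // "*" is rejected with credentials
    'Access-Control-Allow-Credentials': 'true',   // lets the cookie accompany the request
    'Access-Control-Expose-Headers': 'X-Auth-Result', // else getResponseHeader() returns null
    'Vary': 'Origin',                             // keep caches from mixing origins
    'X-Auth-Result': encodeAuthResult(payload),
  };
}

// base64(UTF-8(JSON)); btoa() alone throws on characters above U+00FF.
function encodeAuthResult(obj) {
  const bytes = new TextEncoder().encode(JSON.stringify(obj));
  let bin = '';
  for (const b of bytes) bin += String.fromCharCode(b);
  return btoa(bin);
}

// Client side: returns the account info, or null when the header is absent,
// malformed, or reports userid "0".
function parseAuthResult(headerValue) {
  if (!headerValue) return null;
  try {
    const bytes = Uint8Array.from(atob(headerValue), ch => ch.charCodeAt(0));
    const text = new TextDecoder('utf-8', { fatal: true }).decode(bytes);
    const info = JSON.parse(text);
    if (typeof info.userid !== 'string' || info.userid === '0') return null;
    return info;
  } catch (e) {
    return null; // treat any decoding failure as "not logged in"
  }
}
```

The decoder also accepts a pure-ASCII payload with `\u` escapes, which is the form `JSON.parse(atob(...))` alone can handle.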