From 188745e636409adf7e4ffff4fe1a1d200a360454 Mon Sep 17 00:00:00 2001
From: David Coll
Date: Thu, 2 May 2013 18:53:56 +0200
Subject: [PATCH] Corrected continuous session behavior when multiple users on the same browser logged in and out. New user where keeping the session of the previous logged in user because behavior was set only to check existence of Session key. Now refresh the Auth and FB session in case of difference between $this->uid and session *.id . Added last mod made to base_facebook.php by Facebook - 2013-05-02
---
 Controller/Component/ConnectComponent.php | 6 +++---
 Vendor/base_facebook.php | 15 +++++++++++++++
 2 files changed, 18 insertions(+), 3 deletions(-)
 mode change 100644 => 100755 Controller/Component/ConnectComponent.php
 mode change 100644 => 100755 Vendor/base_facebook.php

diff --git a/Controller/Component/ConnectComponent.php b/Controller/Component/ConnectComponent.php
old mode 100644
new mode 100755
index b4bb56e..ed3935e
--- a/Controller/Component/ConnectComponent.php
+++ b/Controller/Component/ConnectComponent.php
@@ -142,8 +142,8 @@ private function __syncFacebookUser(){
 }
 // check if the user already has an account
- // User is logged in but doesn't have a
- if($Auth->user('id')){
+ // User is logged in but doesn't have a
+ if($Auth->user('id') && $Auth->user('facebook_id') == $this->uid){
 $this->hasAccount = true;
 $this->User->id = $Auth->user($this->User->primaryKey);
 if (!$this->User->field('facebook_id')) {
@@ -192,7 +192,7 @@ private function __syncFacebookUser(){
 */
 public function user($field = null){
 if(isset($this->uid)){
- if($this->Controller->Session->read('FB.Me') == null){
+ if($this->Controller->Session->read('FB.Me') == null || $this->Controller->Session->read('FB.Me.id') != $this->uid){
 $this->Controller->Session->write('FB.Me', $this->FB->api('/me'));
 }
 $this->me = $this->Controller->Session->read('FB.Me');
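Review bot: The new guard in the first hunk excludes a logged-in user whose `facebook_id` is still empty, so the linking branch directly below it (`if (!$this->User->field('facebook_id')) {`) becomes unreachable for exactly the case it exists for; consider `if($Auth->user('id') && (!$Auth->user('facebook_id') || (string) $Auth->user('facebook_id') === (string) $this->uid)){`. Both hunks compare Facebook ids with loose `==`/`!=`, which PHP evaluates numerically for numeric strings (`'0123' == '123'` is true); the cast-and-strict form above, and `(string) $this->Controller->Session->read('FB.Me.id') !== (string) $this->uid` in the second hunk, compare the ids as the opaque strings they are. When the ids differ, this hunk only withholds `hasAccount`; whatever then clears the previous user's Auth session is outside the hunk, and since that cross-user leak is the defect the commit fixes, it is the path to cover with a test. The re-added comment `// User is logged in but doesn't have a` is still truncated; `// User is logged in but doesn't have a facebook_id linked yet` would state what the branch checks. `__syncFacebookUser` begins before the first hunk and `user()` continues past the second.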
diff --git a/Vendor/base_facebook.php b/Vendor/base_facebook.php
old mode 100644
new mode 100755
index b5ac87b..fa73a88
--- a/Vendor/base_facebook.php
+++ b/Vendor/base_facebook.php
@@ -439,6 +439,11 @@ protected function getUserAccessToken() {
 // the JS SDK puts a code in with the redirect_uri of ''
 if (array_key_exists('code', $signed_request)) {
 $code = $signed_request['code'];
+ if ($code && $code == $this->getPersistentData('code')) {
+ // short-circuit if the code we have is the same as the one presented
+ return $this->getPersistentData('access_token');
+ }
+
 $access_token = $this->getAccessTokenFromCode($code, '');
 if ($access_token) {
 $this->setPersistentData('code', $code);
@@ -524,6 +529,10 @@ protected function getUserFromAvailableData() {
 if ($signed_request) {
 if (array_key_exists('user_id', $signed_request)) {
 $user = $signed_request['user_id'];
+ if($user != $this->getPersistentData('user_id')){
+ $this->clearAllPersistentData();
+ }
+
 $this->setPersistentData('user_id', $signed_request['user_id']);
 return $user;
 }
@@ -1143,10 +1152,16 @@ protected function getHttpProtocol() {
 }
 return 'http';
 }
+ /*apache + variants specific way of checking for https*/
 if (isset($_SERVER['HTTPS']) &&
 ($_SERVER['HTTPS'] === 'on' || $_SERVER['HTTPS'] == 1)) {
 return 'https';
 }
+ /*nginx way of checking for https*/
+ if (isset($_SERVER['SERVER_PORT']) &&
+ ($_SERVER['SERVER_PORT'] === '443')) {
+ return 'https';
+ }
 return 'http';
 }