Musings on the State of the Art

Was fiddling with the facebook API last night for something, and came across a strange gap.

There doesn’t seem to be an easy way (from the documentation) to get a server side loginstatus for the individual. This isn’t exactly an enterprise app I was building, was just checking to see if I could get something up and running quickly, when I came across this issue.

Let me describe the problem, and how I solved it, but it might not work for all.

The issue is simple – how can I tell, server-side, if someone is logged into facebook or not.
There are two flavors of logged into facebook

logged in, but not known to my application

logged in, and have authorized my application to do X,Y & Z

Scenario 1 is even more perplexing, but I’ll get to that in a second.

In scenario 2 – if you already have the users auth_token, then, with every call that you want to protect non logged in users from making, you can ask for some non-public information from the facebook Graph API. When facebook denies you that access, the user has gone offline, and you should log them off.

However, let me add in a twist, what if you have asked for offline access. In that scenario, facebook doesn’t expire the auth_token, and my proposed solution above doesn’t work.

What’s more perplexing about this is that there used to be a solution for this in the Facebook_Connect (now deprecated) API.
There was https://facebook.com/restserver.php which when sent the right auth_token, and method could return auth.getsession.

This might still work, but there is no reference to it in the documentation anymore, and the PHP SDK specifically refers to it as the “old” method. I’m going to assume things labeled in that manner aren’t going to survive very long.

So, this leaves me with only the JDK API that references anything about getLoginStatus. How do I use that to work with the rest of my application that is entirely server-side code (in Rails)?

Well, the answer is I don’t really.

Here’s what I did
Session outside of facebook’s session
I create and use my own session for the most part. The only way to start a session is to authenticate into facebook, but assuming you give me permission, I have offline access and can keep accessing your fb data. When the user wants to do something “sensitive”, I run the following script at the top of the page

<div id="fb-root"></div>
<script src="http://connect.facebook.net/en_US/all.js"></script>
<script>
FB.init({
appId : 'YOUR APP ID',
status : true, // check login status
cookie : true, // enable cookies to allow the server to access the session
xfbml : true // parse XFBML
});

FB.getLoginStatus(function(response) {
if(response.session) {
fbCheckUserPerms();
} else {
//no user session available. Either, you don't know them, OR, they aren't logged into facebook.
if(response.status == "notConnected") {
// They are logged into facebook. Redirect them to a page that proposes they authorize your app, and tells them why.
alert("But is logged In");
} else {
//They are no longer logged into facebook. Redirect to a page that destroys the current session
}
}
});

</script>

Note, that this script is a little more than needed to make the solution work, but it also helps with scenario 1 from above. They are logged into facebook, but unknown to me. In that case, I take them to a page that describes the value proposition of my application and personalizes the page with the Registration & Login button social plugin.

If they are not logged into facebook, I forward them to a page within my application that destroys their session, and then forwards them to the login screen.
Not the most efficient way by a stretch, and clearly not all server-side, but I can make that work for now,

One thing to be careful of. If they are already on a sensitive information page – and then log out of facebook in another tab, just running this at the top of the screen might not be enough. You might have to rerun this script prior to submitting whatever it is that you don’t want to let them do when they aren’t logged into facebook.

M app doesn’t allow for much of this, so I’m fairly safe, just checking on page load.

These days, many companies are attempting to get involved in Social Media outlets (TwitFaceSpace, as one of my customers refers to it).

The issue with getting involved in the “social” space (blogs, wiki’s social networks) is the commitment to keeping it up. Many of us as individuals have started blogs, but realized quickly that the ability to keep it going requires tremendous commitment, with little (or no) discernible ROI for a long time.

However is that true for corporations as well? Is there a direct connection between being engaged in the Social Media space, and your bottom line? Seems intuitive that if you do it right (that’s the catch), and your users are engaging with you in these media, then they will also engage with your products, or at least feel an increased affinity to you and your products, that might not have been there before.

The EngagementDb intends on putting that question to rest. The EngagementDb attempts to create a co-relation between user interaction and engagement in social spaces, and the companies bottom line.

It studied several distinct channels in an attempt to determine the extent of user engagement, and interaction. It then proceeded to score each of the 100 most valuable brands as identified by the 2008 BusinessWeek/Interbrand Best Global Brands ranking.

Top 100 Brands (alright, only some of them!)

The top 10 ENGAGEMENTdb brands with their scores are:

1. Starbucks (127)
2. Dell (123)
3. eBay (115)
4. Google (105)
5. Microsoft (103)
6. Thomson Reuters (101)
7. Nike (100)
8. Amazon (88)
9. SAP (86)
10. Tie – Yahoo!/Intel (85)

The EngagementDb classifies organizations into 4 categories based on how, and where they choose to interact with their users.

• Mavens – brands that have made social media a core part of their go-to-market strategies and are very active in many channels; usually driven by dedicated teams assisted by company-wide awareness and participation.
• Butterflies — brands that recognize the need to be in many channels but have only met with real success in a subset of their activities; these companies are usually spread a bit too thin.
• Selectives – brands that focus on just a few channels and excel in those; these efforts are usually initiated by an internal evangelist.
• Wallflowers — brands present in only a few channels and very lightly in those; these brands are sitting on the sidelines and are wary of the risks. They are still trying to figure out the best next steps and investments in social media.

Now, you want to put it to the test don’t you? Well you can – right away. You can even attempt to rank your brand and see where you fit into that ranking. Head on over to the EngagementDb.

P.S. : As an interesting bit of insight – the EngagementDb – a piece of media about social spaces is currently drawing most of its traffic from Arrington (TechCrunch) and Twitter. I have a thought rattling about in my head about the graph of traffic sources for new content. Will try to write a post regarding that later tonight.