
Is it possible to find out whether a user is logged into Facebook through the JavaScript API?

Updated: 2022-10-14 22:48:07


This question is not a duplicate of this one.

I don't want to know whether the user has authorized my application, but whether the user is logged into Facebook (completely independent of my application).

The reason is that I want to print user comments in my HTML code so that search engines can index them.

When a user is logged into Facebook, I want to replace the HTML code with the Facebook comments snippet.

If not, an alternative old-school comment form should be displayed.

I would pull the comments regularly from the Graph API to have them in my database, and comments that are made using the classic form should be posted over the API (not necessarily as the user, could be an admin account...) to have all the data synchronized.

I looked at the JavaScript SDK docs and also found the function getloginstatus, but the documentation is bad and not conclusive. I know that there are also often features available in Facebook's code that are not documented or implemented in higher-level APIs.

My questions are:

  • Can I somehow find out if a user is logged into facebook?

  • Can I somehow have a callback or notification of posted comments, so I can trigger synchronization to my database or do I have to "crawl" the graph api on a regular basis?

This article (https://grepular.com/Abusing_HTTP_Status_Codes_to_Expose_Private_Information) identifies security risks in Google and Facebook that will allow you to determine if a user is logged in. While no official API exists to check if a user is logged in without that user giving you express permission to access this information, the above article shows how you can 'guess' if a user is logged in or not.

Note: The article identifies a 'hack' and so is not guaranteed to work in the future, if or when Google & Facebook identify these security risks.