Login with Twitter and Facebook

How to keep accounts linked to same user

         

cdog863

4:22 pm on Sep 14, 2011 (gmt 0)

10+ Year Member



I've been developing a site and I've been trying to come up with a method to make sure all Social Network accounts of a certain user are linked together. I've had one snag from the start, and maybe someone here has an idea of what to do.

This is the problem. Let's say someone comes to my site and they click "login with Twitter".

My site

- creates an account (adds user to member database)
- adds twitter credentials to database for that user
- logs the user in

Now let's say this person logs out, and the next time they come to my site they log in with Facebook.

My site

- checks member database for a user with the same email as the one sent from Facebook on authentication
- If there is no match, I create a user
- add Facebook credentials for that user

Here is where my problem comes in. Twitter does not send an email of the user on authentication. So my database and script, when someone logs in with Facebook after they've already logged in with Twitter previously, does not recognize the accounts should be linked and creates a whole new user.

Is the only possible way to keep track with cookies? Or am I just missing something in the logic of it?

Any ideas would be great.

By the way, this is for a website using PHP + MySQL.

-------------------------------

Some more details

-------------------------------
My issue isn't when the user is already logged in, everything works great and connects the accounts. It's more like this.

Let's say a user logs in to my site for the first time with Twitter. I give them a unique user ID in my "members" database table, then add their OAuth credentials for Twitter in my oauth table, linking it to their member ID.

Now let's say a month goes by and a user comes back. This time, though, they log in with Facebook. There is no way for me to tell which user they are in my database from their previous login with Twitter because I don't have that unique member ID to link it to (and Twitter doesn't send an email I could check against).

That's why I'm thinking storing the unique member ID in a cookie is a good idea, but what if they delete the cookie?

httpwebwitch

5:13 pm on Sep 14, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I struggled with this same problem a while ago.

To rephrase the scenario:
1) user logs in using Twitter
2) user logs out, or session ends, whatever
3) user logs in using Facebook

There's no reason to suspect that they are the same person. Don't knock yourself out trying.

The result is, that person will have two accounts. So be it. Perhaps eventually they'll notice that things they do in one account don't show up in the other. Or it'll be puzzling how they needed to enter their profile data again. IMHO figuring out that you have opened two accounts with separate authentication methods is the user's problem, not yours.

Scenario two:

1) user logs in using Twitter
2) while logged in, user connects with Facebook
3) Ka-BAM! You know the IDs of both and can store those in your db for eternity.

Is the Facebook ID associated with an account other than the one they're logged in for?
4) provide an elegant way for them to merge the two accounts together

The reverse approach will work too. While someone is authenticated via Facebook, provide an obnoxious way to ask them to "connect your account with Twitter!". Accomplishes the same thing. If the Twitter ID is associated with an existing account, provide a way to merge them together.
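
One way to implement scenario two in PHP, as an added example that is not part of the original posts: identities are keyed on the provider's own user ID, linking happens only while a session is active, and a conflict is reported for an explicit merge. The table names, function names, provider IDs and the use of in-memory SQLite (instead of the site's MySQL) are assumptions made for the example.

```php
<?php
// Added example; table and function names are hypothetical, not from the thread.
// In-memory SQLite keeps it self-contained; adapt the DDL for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (id INTEGER PRIMARY KEY AUTOINCREMENT)');
$db->exec('CREATE TABLE oauth_identities (
    provider TEXT NOT NULL, provider_uid TEXT NOT NULL,
    member_id INTEGER NOT NULL REFERENCES members(id),
    PRIMARY KEY (provider, provider_uid))'); // one identity, one member

// Member that owns a provider identity, or null if it has never been seen.
function ownerOf(PDO $db, string $provider, string $uid): ?int {
    $q = $db->prepare('SELECT member_id FROM oauth_identities
                       WHERE provider = ? AND provider_uid = ?');
    $q->execute([$provider, $uid]);
    $id = $q->fetchColumn();
    return $id === false ? null : (int) $id;
}

// $sessionMember: member ID from the server-side session, null when logged out.
// $provider/$uid: taken from the provider's verified OAuth response only,
// never from a cookie or a form field.
function handleCallback(PDO $db, ?int $sessionMember, string $provider, string $uid): array {
    $owner = ownerOf($db, $provider, $uid);
    if ($sessionMember === null) {
        if ($owner !== null) return ['login', $owner];
        $db->exec('INSERT INTO members DEFAULT VALUES');
        $owner = (int) $db->lastInsertId();
        $action = 'created';
    } elseif ($owner === null) {
        $owner = $sessionMember; $action = 'linked';
    } else {
        // Identity is already attached to a member: never move it silently.
        return [$owner === $sessionMember ? 'already_linked' : 'merge_required', $owner];
    }
    $db->prepare('INSERT INTO oauth_identities VALUES (?, ?, ?)')
       ->execute([$provider, $uid, $owner]);
    return [$action, $owner];
}

// Constructed sample flow (IDs are made up).
[, $a] = handleCallback($db, null, 'twitter', 'tw-1001');  // first visit, logged out
print_r(handleCallback($db, $a, 'facebook', 'fb-2002'));    // connect while logged in
print_r(handleCallback($db, null, 'facebook', 'fb-2002'));  // later visit via Facebook
[, $b] = handleCallback($db, null, 'twitter', 'tw-3003');  // a different Twitter user
print_r(handleCallback($db, $b, 'facebook', 'fb-2002'));    // tries to connect a taken identity
```

The `merge_required` result is where the site would show the merge prompt; the identity row stays with its current owner until the user confirms.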

cdog863

5:40 pm on Sep 14, 2011 (gmt 0)

10+ Year Member



Hey webwitch

Yeah I was assuming there would be no easy way of doing it but I was hoping!

I really don't think this problem will happen much, if at all. I just guess I need a way of merging accounts like you said.

Appreciate the reply

- Clint

lostdreamer

8:12 am on Sep 16, 2011 (gmt 0)

10+ Year Member



Also look at the following example:

1) Person A uses the family computer to log on to Facebook with your website.
2) Person A logs out.
3) Kid brother of Person A logs on to the same family PC and selects his Twitter.
4) << Missing step >>
5) Bam, kid brother is inside his sister's Facebook account because your website assumes there's only 1 person behind every PC.

It's always better to sacrifice a bit of usability than privacy.

cdog863

6:27 pm on Sep 20, 2011 (gmt 0)

10+ Year Member



Good point lostdreamer.

So many things to take into consideration.