When I open facebook.com for the first time (no other tabs have any Facebook page open),
it shows me as not logged in and asks for my email and password (I think it's the login page).
Suddenly, it changes to my Facebook home page (home.php) without me doing anything?!?!
So I monitored it using Wireshark and got the following sequence when opening Facebook:
Request:
GET / HTTP/1.1
Host: www.facebook.com

HTTP/1.1 200 OK

Request:
GET /openid/receiver.php?provider_id=[FB_ID]&protocol=http&context=background_login&request_id=0&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.mode=id_res&openid.op_endpoint=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fud&openid.response_nonce=2010-11-16T08%3A29%3A[SOME RANDOM]&openid.return_to=https%3A%2F%2Fwww.facebook.com%2Fopenid%2Freceiver.php%3Fprovider_id%3D[FB_ID]%26protocol%3Dhttp%26context%3Dbackground_login%26request_id%3D0&openid.assoc_handle=[SOME RANDOM]&openid.signed=op_endpoint%2Cclaimed_id%2Cidentity%2Creturn_to%2Cresponse_nonce%2Cassoc_handle&openid.sig=[SOME RANDOM]%3D&openid.identity=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid%3Fid%3D[SOME_RANDOM]&openid.claimed_id=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid%3Fid%3D[SOME_RANDOM]&openid.ns.ext1=http%3A%2F%2Fspecs.openid.net%2Fextensions%2Fui%2F1.0&openid.ext1.mode=popup&handle=[RANDOM AGAIN] HTTP/1.1
Host: www.facebook.com
Referer: http://www.facebook.com

HTTP/1.1 200 OK (comes with Cookies and OpenID data which is plain text T_T)

Request:
POST /login.php HTTP/1.1
Host: www.facebook.com
Referer: http://www.facebook.com/

HTTP/1.1 302 Found

Request:
GET / HTTP/1.1
Host: www.facebook.com
Referer: http://www.facebook.com/

HTTP/1.1 200 OK

Now it's logged in.
Verdict:
It's good that Facebook has finally joined the mainstream of the single-sign-on community by using OpenID.
But maybe it could be less obvious, without the page flickering like this. I think it could be done in the background between Facebook and Google.
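The receiver.php request in the capture above is an OpenID 2.0 positive assertion (openid.mode=id_res). As an added example, not part of the original post and not Facebook's code, the following Python applies the relying-party checks from the OpenID 2.0 specification to a URL modelled on that capture; the provider_id of 123 and every CONSTRUCTED value are stand-ins for the redacted placeholders.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

# OpenID 2.0 section 10.1: fields the assertion signature must always cover.
REQUIRED_SIGNED = {"op_endpoint", "return_to", "response_nonce", "assoc_handle"}

def check_assertion(request_url):
    """Return findings for the URL an id_res assertion arrived at.
    Verifying openid.sig itself needs the association secret and is not done here."""
    req = urlsplit(request_url)
    params = {k: v[0] for k, v in parse_qs(req.query, keep_blank_values=True).items()}
    if params.get("openid.mode") != "id_res":
        return ["not a positive assertion (openid.mode != id_res)"]
    findings = []
    # claimed_id and identity must also be signed whenever they are present.
    present = {k[len("openid."):] for k in params if k.startswith("openid.")}
    required = REQUIRED_SIGNED | ({"claimed_id", "identity"} & present)
    missing = sorted(required - set(params.get("openid.signed", "").split(",")))
    if missing:
        findings.append("unsigned fields: " + ",".join(missing))
    # Section 11.1: return_to must match the URL the assertion was delivered to.
    rt = urlsplit(params.get("openid.return_to", ""))
    if rt.scheme != req.scheme:
        findings.append(f"scheme mismatch: arrived over {req.scheme}, return_to is {rt.scheme}")
    if (rt.netloc, rt.path) != (req.netloc, req.path):
        findings.append("return_to host/path does not match request")
    for key, values in parse_qs(rt.query, keep_blank_values=True).items():
        if params.get(key) != values[0]:
            findings.append(f"return_to parameter {key} not echoed in request")
    if req.scheme != "https":
        findings.append("assertion delivered over cleartext HTTP")
    return findings

# Constructed sample modelled on the capture; placeholders replaced by dummy values.
RT = "www.facebook.com/openid/receiver.php?provider_id=123&protocol=http&context=background_login&request_id=0"
GOOGLE_ID = "https://www.google.com/accounts/o8/id?id=CONSTRUCTED"
SAMPLE = {
    "openid.ns": "http://specs.openid.net/auth/2.0", "openid.mode": "id_res",
    "openid.op_endpoint": "https://www.google.com/accounts/o8/ud",
    "openid.response_nonce": "2010-11-16T08:29:00ZCONSTRUCTED",
    "openid.return_to": "https://" + RT,
    "openid.assoc_handle": "CONSTRUCTED", "openid.sig": "CONSTRUCTED=",
    "openid.signed": "op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle",
    "openid.identity": GOOGLE_ID, "openid.claimed_id": GOOGLE_ID,
    "handle": "CONSTRUCTED",
}

def sample_url(scheme, override=None):
    """Build the receiver.php URL as it would arrive over the given scheme."""
    return f"{scheme}://{RT}&{urlencode({**SAMPLE, **(override or {})})}"
```

Run against the HTTP form of the sample, it reports that the assertion arrived over http while openid.return_to names https, which is the cleartext delivery the Wireshark capture shows.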