A proper approach to FB auth

Question

My project uses Node.js and Express, but the question is about generic approach.

Our users are all from FB and we don\'t have any auth other than FB. We need to asso

Answer 1

Actually it's totally incorrect to say that "in order to be real-time, you need to use JS SDK"! Facebook has "Realtime Updates Graph API" and every time some data gets updated, your local db gets updated automatically, then you don't need to use JS SDK

Answer 2

Using the JS SDK is the only feasible way to know a user’s status in “real-time”. (“real time” in quotes, because the result of FB.getLoginStatus gets cached as well – if one wants it to be accurate at all times, one must use the second parameter set to true.)

If you have the JS SDK set up to set cookies under your domain, then the PHP SDK is able to determine the login status of the user without any API lookups over HTTP – it just reads the user ID from cookie, so Facebook::getUser() will get you the user ID. That would be enough to display the picture – but for the user name, that’ll still require an API request.

Here you could opt for requesting the name once – and then saving it into your session. If, on the next request, the JS SDK indicates that the user is not connected any more, you could erase the login info from the page and/or force a reload (and on that, clear the session), to return to the not logged in state.