I’m trying to implement a Facebook login for my site and am having a world of trouble. I understand the difference between the client (JavaScript SDK) and server-side implementations, but am confused as to which is the correct approach. What I need is to store the user’s info in my database (userID, email, name, etc.), so I know I’ll need the data on the server side. I don’t want to log in via the JS SDK and send the data to the back end because it can easily be spoofed, so here’s what I tried:

I’ve tried using the SDK and, once the user is logged in, refreshing the page to check for the cookie that Facebook puts in the session, but it doesn’t seem to be present; the only cookie that’s there is the session id.

Additionally, I tried doing a server-side implementation, but this caused the Facebook log in screen to be in the main browser window instead of a popup. This is undesirable because it takes the user away from my site. To force the login workflow to be in a separate window, I’ve thought about popping up a child window that points to my login url that ultimately redirects to Facebook, but then I don’t know when the user is done logging in (I’d need to refresh the main page to hide the facebook login button, etc.).

Any help or ideas would be greatly appreciated! I’d like to do this the right way… not the easy way!