With this you can promote a session from PHP to Javascript and from Javascript to PHP using the Facebook->setSession() function
<?php
require 'facebook.php';
// Create our Application instance (replace this with your appId and secret).
$facebook = new Facebook(array(
'appId' => $appId,
'secret' => $secret,
'cookie' => true,
));
$_SESSION['facebook'] = $facebook;
// We may or may not have this data based on a $_GET or $_COOKIE based session.
//
// If we get a session here, it means we found a correctly signed session using
// the Application Secret only Facebook and the Application know. We dont know
// if it is still valid until we make an API call using the session. A session
// can become invalid if it has already expired (should not be getting the
// session back in this case) or if the user logged out of Facebook.
$session = $facebook->getSession();
$me = null;
// Session based API call.
if ($session) {
try {
$uid = $facebook->getUser();
$me = $facebook->api('/me');
} catch (FacebookApiException $e) {
//error_log($e);
}
}else{
//pass in json object of FB._session and convert it to array
$session = json_decode(stripslashes($_POST['session']));
$session = (array) $session;
if($session)
$facebook->setSession($session);
}
?>
var constant = {};
constant.session = <?php echo json_encode($session); ?>;
window.fbAsyncInit = function() {
FB.init({
appId : '<?php echo $facebook->getAppId(); ?>',
session : constant.session, // don't refetch the session when PHP already has it
status : true, // check login status
cookie : true, // enable cookies to allow the server to access the session
xfbml : true // parse XFBML
});
if(!FB._session)
stream.load();
else
jwpage.getAlbums();
// whenever the user logs in, we refresh the stream
FB.Event.subscribe('auth.login', function() {
jwpage.getAlbums();
});
};
(function() {
var e = document.createElement('script');
e.src = document.location.protocol + '//connect.facebook.net/en_US/all.js';
e.async = true;
document.getElementById('fb-root').appendChild(e);
}());
</script>