I've been playing around with the Facebook PHP SDK for a site that I'd like to use Facebook's single sign in for. I've been able to login to my Facebook account from my site and successfully tested a few of the features (posting to /me, an FQL query etc.).
When generating the login URL I have set the cookie parameter to true, however I seem unable to establish a persistent session with Facebook. At the moment the Facebook login window redirects the whole website (I have not yet tested this within the webpage or a popup). The user can authorise and is returned to my site, but the session data is stored in a query string on the return URL. If this string is removed the user must reauthenticate.
Previously I have worked with the JS SDK and this has not been an issue. It's worth noting in this case that I am avoiding using the FBJS (because I believe the PHP SDK is an alternative) and FBML (because it is deprecated) - I also have not implemented a cross domain communication file as this appears to be unnecessary.
I have read about conducting the authentication within an iFrame. I'm unable to find any documentation about this though.
I have considered storing the $_GET querystring in a session on my site and appending it to the website URL, or an iFrame URL, when I need to authenticate. I'm certain that this is the incorrect way to achieve what I'd like though.
Please could someone point me in the direction of some documentation regarding this. Perhaps I am mistaken in thinking I can do this without JS, or maybe I need to manually set up the session cookie? I've searched at length but have been unable to find any documentation that describes this specifically.
Thanks for any help!