I'm using the Kohana 3.x web framework and I integrated Facebook Login successfully. That means: the user can click on the Facebook Login button, I get the fbs_ cookie and I can query Facebook for all the information I need (like name, friends, etc.).
I believe that I can trust Facebook and their security, so I just get the Facebook ID from that access token and map it to my IDs in my application every time. I didn't implement another check and I'm not using additional cookies that I set myself.
But the case is that it tends to be really slow: for every request the user makes, I'm reading the fbs_ cookie and getting the user ID from Facebook. I guess it would make way more sense to just use the Facebook Login button for registration and for every new session. I guess I shouldn't use it within a session, because it would be way faster to set my own cookie after the login and use this for the rest of the session to read all the data.
There are a lot of tutorials on how to implement your own authentication via cookies etc., and also a lot of tutorials on how to use Facebook Login. But I think a lot of people like me are trying to implement both: Facebook for registration and session login, and your own cookie for the rest of the session.
What are your best practices on that?
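
The pattern the question describes (check the Facebook identity once per login, then rely on the application's own cookie for the rest of the session), as an added example that is not part of the original post. It uses plain PHP rather than Kohana's own classes; `SESSION_KEY`, `SESSION_TTL`, the cookie name `app_session` and all function names are hypothetical.

```php
<?php
// Added example: local session token issued after a one-time Facebook check.
// SESSION_KEY is a constructed demo value; load a random secret from config.
const SESSION_KEY = 'constructed-demo-key-change-me';
// Seconds; also bounds how long a login revoked at Facebook stays valid here.
const SESSION_TTL = 1800;

function b64url(string $raw): string {
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

// Call once, right after the Facebook identity has been verified and mapped
// to the application's own user id.
function issue_session_token(int $localUserId, int $now): string {
    $payload = b64url(json_encode(['uid' => $localUserId, 'exp' => $now + SESSION_TTL]));
    $mac = b64url(hash_hmac('sha256', $payload, SESSION_KEY, true));
    return $payload . '.' . $mac;
}

// Call on every later request: no round trip to Facebook, only a local HMAC check.
// Returns the local user id, or null if the token is malformed, forged or expired.
function verify_session_token(string $token, int $now): ?int {
    $parts = explode('.', $token);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $mac] = $parts;
    $expected = b64url(hash_hmac('sha256', $payload, SESSION_KEY, true));
    if (!hash_equals($expected, $mac)) { // constant-time comparison
        return null;
    }
    $data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
    if (!is_array($data) || !isset($data['uid'], $data['exp']) || $data['exp'] < $now) {
        return null;
    }
    return (int) $data['uid'];
}

// Constructed demo: local user 42 logs in at t=1000.
$token = issue_session_token(42, 1000);
var_dump(verify_session_token($token, 1500));                   // valid token
var_dump(verify_session_token($token . 'x', 1500));             // tampered MAC
var_dump(verify_session_token($token, 1000 + SESSION_TTL + 1)); // expired
// In the web app the token would be sent with:
// setcookie('app_session', $token, ['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
```

Because the token is checked locally, a logout or permission change on the Facebook side is only noticed when the token expires, so the lifetime is the trade-off between speed and freshness.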