After authenticating the user, I save the authorization token insidea database. Than I save his Id inside a cookie. Each time he accesses a page I check to see if the cookie is there. If it s not there, I try to get another authorization cookie and replace the old in the database, and create that cookie.
I have a deep feeling I am wrong:0 Can you tell开发者_运维百科 me how should I handle this?
You should not deal directly with cookies but use a SDK that do it for you. For C#, you can use the Facebook C# SDK. Check out the API Quickstart guide if you want to have a good overview.
You should store the token in you database only if you ask the offline_access
permission when you get the access token because token expires after a few hours.
If you do ask for the offline_access
permission when you get the token, then you can store it in your database and make API calls with that token anytime you want (without having to check the user session or cookie).
Hope that helps !
精彩评论