Advice for website authentication system that queries facebook API [closed]
Closed 9 years ago.
I've built a website that authenticates users via Facebook.
The way I've set it up is like this: the website uses the Facebook JS SDK on the front end, and when the user authenticates with Facebook their access_token is sent to my server via an AJAX call (using HTTPS for security), where the Graph API is queried and their session is initiated server-side (using a database for secure session storage of user data).
Can anyone think of any potential problems this approach might lead to? Thanks!
This is a very common scenario. The only issue is that unless you request offline_access, the token you get is only valid for an hour.
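The server-side step from the question, as an added example that is not part of the original answer: before starting a session, the server asks the Graph API's `debug_token` endpoint whether the client-supplied token is valid, was issued to this app, and when it expires. This goes slightly beyond the answer by checking the issuing app as well as the expiry; `fetch_json`, `fake_graph`, `APP_ID`, `APP_SECRET` and `MAX_SESSION_SECONDS` are hypothetical names and constructed values.

```python
import time
from urllib.parse import urlencode

GRAPH_DEBUG_URL = "https://graph.facebook.com/debug_token"
APP_ID = "1234567890"            # constructed placeholder
APP_SECRET = "app-secret-here"   # constructed placeholder; kept server-side only
MAX_SESSION_SECONDS = 3600       # assumption: local session policy


class TokenRejected(Exception):
    pass


def start_session(user_token, fetch_json, now=None):
    """Validate a client-supplied token, then build the session record.

    fetch_json(url) -> dict is a hypothetical injected HTTPS GET helper.
    """
    now = int(time.time()) if now is None else now
    query = urlencode({"input_token": user_token,
                       "access_token": f"{APP_ID}|{APP_SECRET}"})
    data = fetch_json(f"{GRAPH_DEBUG_URL}?{query}").get("data", {})

    if not data.get("is_valid"):
        raise TokenRejected("token is not valid")
    if str(data.get("app_id")) != APP_ID:
        raise TokenRejected("token was issued to a different app")
    expires_at = int(data.get("expires_at", 0))
    if expires_at and expires_at <= now:   # assumption: 0 means non-expiring
        raise TokenRejected("token has expired")

    # Never let the local session outlive the token it was built from.
    session_end = now + MAX_SESSION_SECONDS
    if expires_at:
        session_end = min(session_end, expires_at)
    return {"user_id": str(data["user_id"]),
            "token_expires_at": expires_at,
            "session_expires_at": session_end}


def fake_graph(response):
    """Constructed stand-in for the Graph API so the example runs offline."""
    return lambda url: {"data": response}


if __name__ == "__main__":
    sample = {"app_id": APP_ID, "is_valid": True,
              "user_id": "42", "expires_at": 1_700_001_800}
    print(start_session("constructed-token", fake_graph(sample), now=1_700_000_000))
```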