且构网


Why is my test application stuck in an endless redirect loop?

Updated: 2023-02-03 12:55:01

Many of the various server-side Facebook SDKs do not handle authentication in accordance with the documentation and recommended practices Facebook has shared over the last 3 or 4 months. You found one good example of this in how the PHP SDK uses (or doesn't use) the code parameter. There are other examples, such as SDKs directly reading the Facebook cookies, something Facebook engineers tell developers they should not do since the cookies are just "an implementation detail" and not something developers outside of Facebook should be building dependencies on.

I am not sure where you got that code in your working code example, but I couldn't find any support for including parameters such as fbconnect=1

So given that the SDK is not implementing authentication as per Facebook's recommendations and documentation, and that Facebook has provided a complete PHP implementation in their documentation, I recommend you just use the version Facebook provides, copied and pasted here for your reference from this page http://developers.facebook.com/docs/authentication/ :

    <?php
      // Facebook's documented server-side flow, with the defects that bite in
      // practice fixed: notices on missing request indices, the script falling
      // through into the state check after emitting the redirect, a plain-http
      // dialog URL, a predictable state value, and a non-constant-time compare.
      $app_id = "YOUR_APP_ID";
      $app_secret = "YOUR_APP_SECRET";
      $my_url = "YOUR_URL";

      session_start();
      $code = isset($_REQUEST["code"]) ? $_REQUEST["code"] : "";

      if(empty($code)) {
        // CSRF protection: the state must be unguessable, so use the CSPRNG
        // (PHP 7+) rather than md5(uniqid(rand(), TRUE)).
        $_SESSION['state'] = bin2hex(random_bytes(16));
        $dialog_url = "https://www.facebook.com/dialog/oauth?client_id="
          . $app_id . "&redirect_uri=" . urlencode($my_url) . "&state="
          . $_SESSION['state'];

        echo("<script> top.location.href='" . $dialog_url . "'</script>");
        exit; // without this the state check below runs and prints the CSRF message
      }

      $state = isset($_REQUEST['state']) ? $_REQUEST['state'] : '';
      if(isset($_SESSION['state']) && hash_equals($_SESSION['state'], $state)) {
        unset($_SESSION['state']); // single use: a replayed callback must fail this check
        $token_url = "https://graph.facebook.com/oauth/access_token?"
          . "client_id=" . $app_id . "&redirect_uri=" . urlencode($my_url)
          . "&client_secret=" . $app_secret . "&code=" . urlencode($code);

        $response = file_get_contents($token_url);
        if($response === false) {
          die("Token exchange failed.");
        }
        $params = null;
        parse_str($response, $params);
        if(empty($params['access_token'])) {
          die("No access token in the token response.");
        }

        $graph_url = "https://graph.facebook.com/me?access_token="
          . urlencode($params['access_token']);

        $user = json_decode(file_get_contents($graph_url));
        echo("Hello " . htmlspecialchars($user->name, ENT_QUOTES, 'UTF-8'));
      }
      else {
        echo("The state does not match. You may be a victim of CSRF.");
      }
    ?>
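The same authorization-code flow with its state round-trip, simulated end to end as an added example. It is not code from the page, from Facebook, or from any SDK, and it is written in Python rather than PHP so that both sides of the exchange run in one process; the provider, app id, secret, redirect URI and in-memory session dict are constructed stand-ins. It goes a step beyond the page's snippet by showing what a correct state check rejects: a replayed callback, a login-CSRF attempt that hands the victim an attacker's callback URL, and a callback that arrives with no session to compare against.

```python
"""Authorization-code login with a CSRF `state` round-trip, both sides in-process.

Added example, not code from the page, Facebook, or any SDK. The provider,
app registration and session dict below are constructed stand-ins.
"""
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed, hypothetical app registration (not real Facebook credentials).
APP_ID = "123456789012345"
APP_SECRET = "hypothetical-app-secret"
REDIRECT_URI = "https://example.test/fb-callback"
DIALOG_URL = "https://www.facebook.com/dialog/oauth"


class FakeProvider:
    """Stand-in for the provider's OAuth dialog and token endpoint (constructed)."""

    def __init__(self):
        self._codes = {}  # code -> (client_id, redirect_uri) it was issued for

    def authorize(self, dialog_url):
        """User approves at the dialog; the provider redirects back to redirect_uri
        carrying a fresh code and the state parameter exactly as it received it."""
        q = parse_qs(urlsplit(dialog_url).query)
        code = secrets.token_urlsafe(16)
        self._codes[code] = (q["client_id"][0], q["redirect_uri"][0])
        return q["redirect_uri"][0] + "?" + urlencode({"code": code, "state": q["state"][0]})

    def token(self, client_id, client_secret, redirect_uri, code):
        """Redeem a code once; reject a wrong secret, a client/redirect_uri mismatch
        or a code that has already been redeemed."""
        issued_for = self._codes.pop(code, None)
        if issued_for != (client_id, redirect_uri) or client_secret != APP_SECRET:
            return {"error": "invalid_grant"}
        return {"access_token": "tok-" + secrets.token_hex(8)}


def begin_login(session):
    """First request: mint an unguessable state, keep it server-side, build the dialog URL."""
    state = secrets.token_urlsafe(32)
    session["state"] = state
    return DIALOG_URL + "?" + urlencode(
        {"client_id": APP_ID, "redirect_uri": REDIRECT_URI, "state": state}
    )


def handle_callback(session, callback_url, provider):
    """Second request: check state in constant time, consume it, then redeem the code.

    Returns the access token, or None when the callback has no code, the session
    has no state to compare against, the state does not match, or the exchange fails.
    """
    q = parse_qs(urlsplit(callback_url).query)
    code = q.get("code", [None])[0]
    state = q.get("state", [None])[0]
    expected = session.pop("state", None)  # single use: a replay finds nothing to match
    if not code or not state or expected is None:
        return None
    if not hmac.compare_digest(state, expected):
        return None
    return provider.token(APP_ID, APP_SECRET, REDIRECT_URI, code).get("access_token")


def run_demo():
    """Happy path plus three things the check must reject; returns the outcomes."""
    provider = FakeProvider()

    # Normal login: the same session dict survives both requests, as $_SESSION must.
    session = {}
    callback = provider.authorize(begin_login(session))
    token = handle_callback(session, callback, provider)

    # Replay of the identical callback: state already consumed, code already redeemed.
    replayed = handle_callback(session, callback, provider)

    # Login CSRF: the attacker completes their own dialog and tricks the victim's
    # browser into loading the attacker's callback URL. The victim's session holds
    # a different state, so the callback is rejected.
    attacker_session, victim_session = {}, {}
    attacker_callback = provider.authorize(begin_login(attacker_session))
    begin_login(victim_session)
    csrf = handle_callback(victim_session, attacker_callback, provider)

    # Session lost between the two requests (for example the cookie was not sent
    # back): there is no stored state, so the callback is rejected instead of
    # being trusted on the strength of the code alone.
    fresh_session = {}
    callback2 = provider.authorize(begin_login(fresh_session))
    lost = handle_callback({}, callback2, provider)

    return {"token": token, "replayed": replayed, "login_csrf": csrf, "lost_session": lost}


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

The state is popped from the session before it is compared, so every callback, valid or not, spends it; the next login has to start again from begin_login. That is the property the page's PHP only gets once the state is unset after a successful check.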