php - Facebook server login doesn't retrieve info if user refreshes page -

the code according fb manual, , ve noticed if user refreshes page, can't retrieve id of user..the user need clear address bar entire string after url, in order able obtain user info..

<?php      $app_id = "myid";    $app_secret = "mysecretkey";    $my_url = "http://myurl.php";     session_start();     $code = $_request["code"];     if(empty($code)) {      $_session['state'] = md5(uniqid(rand(), true)); // csrf protection      $dialog_url = "https://www.facebook.com/dialog/oauth?client_id="         . $app_id . "&redirect_uri=" . urlencode($my_url) . "&state="        . $_session['state'] . "&scope=publish_actions";       header("location: " . $dialog_url);    }    if($_session['state'] && ($_session['state'] === $_request['state'])) {      $token_url = "https://graph.facebook.com/oauth/access_token?"        . "client_id=" . $app_id . "&redirect_uri=" . urlencode($my_url)        . "&client_secret=" . $app_secret . "&code=" . $code;       $response = file_get_contents($token_url);      $params = null;      parse_str($response, $params);       $_session['access_token'] = $params['access_token'];       $graph_url = "https://graph.facebook.com/me?access_token="         . $params['access_token'];       $user = json_decode(file_get_contents($graph_url));    echo var_dump($user);    else {      echo("the state not match. may victim of csrf.");    } 

var_dump returns me necessary information after first redirect, if refresh page returns null.. perhaps need "destroy" session cookies??

this happens cause $code using no longer valid , has been consumed.
might suggest use facebook's php sdk. reduce time develop app , take care of these errors you.