"Official" Suggestion and Sample Code in Upgrading to The PHP SDK v3.0

First of all, let's take a look at how Facebook describes the code changes in upgrading to the PHP SDK v3.0 here.

Based on that post, we basically have to change the code that is related to validating the facebook user session.

In the PHP SDK v2.x, we need to first check and validate the user session and see if we need to trigger the authentication flow. This idea is illustrated by modifying the sample code stated in Facebook's blog.

$facebook = new Facebook(…);
$session = $facebook->getSession();
if ($session) {
  // proceed to validate the session object
}

if !($session and $currentSessionObjIsValid) {
  // proceed to handle the user login and/or authentication
}

The "user session" concept no longer exists in PHP SDK v3.0 and is replaced by a "user" concept. So, instead of obtaining and validating the session object via the PHP SDK, we now need to obtain and validate a user object. Again, the sample code in Facebook's blog is modified to illustrate the concept (in fact this is what the sample code in the PHP SDK shows to us):

$facebook = new Facebook(…);
$user = $facebook->getUser();
if ($user) {
  // proceed to validate the user object
} 

if !($user and $currentUserObjIsValid) {
  /// proceed to handle the user login and/or authentication
}

This summarizes what Facebook's blog or the updated sample code in the PHP SDK. It looks simple..... BUT if you try to do upgrade by simply change the corresponding codes in your application, I believe there are still issues in the authentication flow of your application.