Facebook setExtendedAccessToken() and FB.Event.subscribe('auth.login')

Question

I'm currently developing my first facebook application. I have a problem with the setExtendedAccessToken() function in combination with FB.Event.subscribe('auth.login').

My js-code looks like this:

window.fbAsyncInit = function() {

    // init the FB JS SDK
    FB.init({
      appId      : 'XXX', // App ID from the App Dashboard
      channelUrl : 'http://domain.tld/app/channel.php', // Channel File for x-domain communication
      frictionlessRequests: true,
      cookie: true, 
      xfbml: true
    });

    FB.Event.subscribe('auth.login', function(response) {
        $('#loginSpinner').show();
        $('#loginFacebook').hide();
        window.location = "http://domain.tld/app/?first_login";
    });      

};

The auth.login event should only trigger on the first login of the user. This PHP Codes should also only trigger on the first login:

// triggers on first login
if (isset($_GET['first_login'])) {
    if ($me) {
        $facebook->setExtendedAccessToken();
        $friends = $facebook->api('/me/friends');
        $friends = $friends['data'];
        if (!empty($friends)) {
        //sql
        }
        $permissions = $facebook->api("/me/permissions");

        if( array_key_exists('publish_actions', $permissions['data'][0]) ) {
            $attachment = array(
                    'message' => 'XXX',
                    'name' => 'XXX - App',
                    'link' => 'http://domain.tld/app/',
                    'description' => 'XXX',
                    'picture'=> 'http://domain.tld/app/img.jpg',
                    'access_token' =>  $facebook->getAccessToken()
            );
            $facebook->api('/me/feed', 'POST', $attachment);

            //sql
        }
    }
    header('Location: http://domain.tld/app/');
    exit;
}

The problem is an infinite loop which will always call the auth.login, because setExtendedAccessToken() will destroy the current session and facebook will login the user to my app automatically.

Is there a way to trigger auth.login only once? When I set setExtendedAccessToken() as a comment

// $facebook->setExtendedAccessToken();

my site only redirects the users once as it should be. But I need the extended login for my app.

My previous question: My WebApp (using facebook login) logs me out

Answer 1

Well then why don't you do this:

FB.Event.subscribe('auth.login', function(response) {
        //it will only redirect if the token expires in less than 02h13m20s
        if(response && response.authResponse.expiresIn < 8000){
        $('#loginSpinner').show();
        $('#loginFacebook').hide();
        window.location = "http://domain.tld/app/?first_login";
        }
    });