My personal approach is to use the PHP SDK to check again if the user is logged in: https://github.com/facebook/facebook-php-sdk
You can just add the Facebook ID of the User to an AJAX call, check server side if the User is the correct one at the beginning of your script:
require 'facebook-php-sdk/src/facebook.php';
$facebook = new Facebook(array(
'appId' => 'YOUR_APP_ID',
'secret' => 'YOUR_APP_SECRET',
));
// Get User ID
$user = $facebook->getUser();
if ($user && $user === $_GET['fbid']) {
...
}