My site is sending two different session id cookies (PHPSESSID), one under "www.sitename.com" and the other "sitename.com".
I read this answer here which says to specify the domain used in the 5th parameter, but what about SESSION cookies which are created automatically?
I think the issue is that the facebook login used the PHPSESSID with www. in the domain while the manual login doesn't. This results in two different PHPSESSID cookies which really messes things up.
Not sure why this is happening or how to force facebook to not use www.