I am in the process of designing and coding an OAuth based login integration system. I was looking at the various Facebook / Twitter implementations and I like the way Xenforo automatically logs in a user if a> He is logged into Facebook.com and b> He is a Facebook Connected user on XF.com. Is this auto-login behavior cookie based? If yes, do you check for the cookie for every new visitor session as seems required? If yes, does this put any overhead on server or slow down page loading in any way? I am currently in a functional design phase for my application and haven't really started coding yet so I can't be any more specific. I am trying to understand the authentication workflow when a repeat user who has previously connected to the site with facebook, and is currently logged into facebook visits xenforo. Thanks for any insights.