Reputation: 71131
When coming back from the Facebook JS SDK login() call I get a cookie set on my side as: ex. (I've changed the characters some)
fbsr_17066472650000: edmYrII1FpD8TfeBCDcgO5ri0aRDFfh5e4efESdXlaU.eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsImNvZGUiOiJBUUNuVW1aS3A4U3p0a0RmNzhLR1FwTE5wSHpasdfafdasdfaVnVfOWo3c01oUFRaYVhjR3FTUFRFRHJrX2Ezasdfadadfasfasfda5ZektURV9xQWxaREV1WlVVZ2hFcDJTVVc4ZVB6d2tmRTVhRHY0RXpRdVhFa0xMd3hKS3gxckMyV1Y4aks1cmtNSHFWZVBaMWpQQklrQkVORDh4ZWtQd0pxUDlLYmMiLCJpc3N1ZWRfYXQiOjEzMjQ0ODUwNjksInVzZXJfaWQiOiI1MTUxNzcxNDcifQ
Is it correct to say that this string breaks down as:
fbsr_{appId}:{token}
Is this the real token? Or do I need to encrypt/decrypt something?
Lastly, how can I redirect to another page after the login using something like:
window.location.href='foo.php';
UPDATE 1:
I get this back in my server-side decrypt process. It doesn't seem correct. Or is this what I should expect? (note: I changed some of the data slightly)
{"algorithm":"HMAC-SHA256",
"code":"AQDnemhHwRHAv1pSI2TjKkO4x36GasdfadfasfdQKJn6Sqh8qgJNnCtzA5C41Y5TvRIp94BWQNTprLVyc4PHmYCPG0jOxkUpJ3RnviYW3p-f9lbWn32qkv7NZv-8T42j6_X3l4IMjH-Nthh7LAIaiy8YradJmRzXQwaKpDP5TP6JssrMFbHYYnRrMA",
"issued_at":1324491454,
"user_id":"515100000"}
Upvotes: 0
Views: 1098
Reputation: 25938
What you call a token is actually a signed_request, which is the encoded session details for the user.
And the redirection you want after the user is logged in can be triggered by providing the redirect_uri argument of the Facebook Login Dialog URL.
For more info, read the Facebook Authentication documentation.
While you need to do decryption on the signed_request on the server side (PHP-SDK can be used for this), on the client side it's not really needed if you are using the Facebook JavaScript SDK, which provides FB.getAuthResponse and FB.getLoginStatus to get user session details.
Upvotes: 1
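Server-side handling of the fbsr_{appId} cookie value discussed above, as an added example that is not part of the original posts or of Facebook's SDK: the value has the form base64url(signature).base64url(JSON payload), and the signature is an HMAC-SHA256 over the encoded payload string keyed with the app secret. The app secret, the sample payload and the helper make_signed_request are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json


class SignedRequestError(ValueError):
    """Malformed or unauthenticated signed_request."""


def _b64url_decode(part: str) -> bytes:
    # The '=' padding is stripped in the cookie; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def parse_signed_request(signed_request: str, app_secret: str) -> dict:
    """Verify the fbsr_{appId} cookie value and return its JSON payload."""
    try:
        sig_b64, payload_b64 = signed_request.split(".", 1)
        signature = _b64url_decode(sig_b64)
    except ValueError as exc:
        raise SignedRequestError("malformed signed_request") from exc

    # Authenticate first: the MAC covers the encoded payload string as sent.
    expected = hmac.new(app_secret.encode(), payload_b64.encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected):
        raise SignedRequestError("bad signature")

    try:
        payload = json.loads(_b64url_decode(payload_b64))
    except ValueError as exc:
        raise SignedRequestError("payload is not base64url JSON") from exc
    # Accept only the algorithm that was actually verified above.
    if not isinstance(payload, dict) or payload.get("algorithm") != "HMAC-SHA256":
        raise SignedRequestError("unexpected algorithm")
    return payload


def make_signed_request(payload: dict, app_secret: str) -> str:
    """Hypothetical helper: builds a constructed sample value for testing."""
    body = base64.urlsafe_b64encode(json.dumps(payload).encode()).rstrip(b"=")
    mac = hmac.new(app_secret.encode(), body, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(mac).rstrip(b"=") + b"." + body).decode()


if __name__ == "__main__":
    secret = "constructed-app-secret"  # placeholder, not a real secret
    sample = {"algorithm": "HMAC-SHA256", "code": "CONSTRUCTED_CODE",
              "issued_at": 1324491454, "user_id": "515100000"}
    print(parse_signed_request(make_signed_request(sample, secret), secret))
```

The payload is encoded and signed, not encrypted, so JSON of the shape shown in UPDATE 1 is what a successful verification returns. Trust user_id only after the signature check passes.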