FWIW, I know that this isn't an uncommon problem. I found lots of suggestions, mostly for v2 though.
In the end doing this:
url += "fb_sig_session_key=" + Api.Session.SessionKey + "&fb_sig_user=" + Api.Session.UserId + "&fb_sig_expires=" + (Api.Session.ExpiryTime.Ticks - 621355968000000000) / 10000000;
did the trick.
Again, I'm not sure why my redirects worked fine in v2 but failed in v3. I thought the authentication was stored by FDT in a cookie or in session state so we didn't need to pass this around all the time.