For one of my websites, I’ve implemented the Facebook login option, using the Facebook php SDK. Even though working with Facebook SDK’s can be frustrating, as their processes and rules change often, it is an easy way for users to log in.

Everything was working great, until a few months ago. I noticed that when the user clicked the url generated by $facebook->getLogoutUrl, the user was logged out from Facebook (as documented), but I still got the user’s Facebook data using $facebook->getUser();. In other words, my website still showed the user as logged in. I first thought I did something wrong (like forgetting to unset a $_SESSION-variable) but after careful investigation, it turned out to be a Facebook issue.

The $facebook->getUser() documentation states “this method returns the Facebook User ID of the current user, or 0 if there is no logged-in user.” However, after logging out, $facebook->getUser() still gave me the Facebook User ID. Also $facebook->api('/me') still gave me all details. Strangely enough, going to www.facebook.com gave me the Facebook login page, so I was definitely logged out.

After a lot of Googling and testing, I finally could make it work by adding $facebook->destroySession() to the code that is called by clicking $facebook->getLogoutUrl. After a $facebook->destroySession(), $facebook->getUser(); seems to give 0, as it should.