facebook logout security

[scvnc]

Interesting problem --

case: User logs off of facebook
problem: our app session continues to exist and still displays the previous authenticated user even after another user logs in.

I suppose it will fail/correct once an api call is made.

[phpwerks]

Added an API call and the issues persists.
Here is what was added

$facebookId = $this->_facebook->getUser();

// From the FaceBook API docs
if (!$facebookId) {
$this->_redirectToLoginUrl();
} else {
// make sure the user is still logged in
try {
$me = $this->_facebook->api('/me');
if ($me) {
//User is logged in
}
} catch (FacebookApiException $e) {
//User is not logged in
$this->_redirectToLoginUrl();
}
}