Delete facebook session cookie from my application on users logout

Question

I am working in an application which is using facebook connect to log in the users using their facebook account.

Everything works fine except in the following case:<

Answer 1

<?php

// include the Facebook SDK
include_once 'src/facebook.php';

// Define crutial perams
define( 'APPID',    '' );
define( 'SECRET',   '' );
define( 'URL',      'http://fb.domain.co.uk' );

// shake my hand!
$facebook = new Facebook( array( 'appId' => APPID, 'secret' => SECRET, 'fileUpload' => true ) );

// if we are being visited by someone trying to logout, lets me sure they get logged out!
if( isset( $_GET['logged_out'] ) ) {
    setcookie( "PHPSESSID", "", (time()-3600) );
    header( "location: " . URL );
    exit();
}

// lets try to get the users id
$user_id = $facebook->getUser();
// try to get their access token
$access_token = $facebook->getAccessToken();

// if we have an id
if($user_id) {

    // from the offset, we're good to go...
    $logged_in = true;

    echo "<h1>Logged in</h1>";
    $params = array( 'next' => URL . '?logged_out' );
    $return .= '<br /><a href="' . $facebook->getLogoutUrl($params) . '">logout</a>';

}else{

    // login man!
    $login_url = $facebook->getLoginUrl( 
        array( 
            'scope' => 'read_stream, publish_stream, manage_pages, photo_upload',
            'next' => URL . '?logged_in' 
        ) 
    );
    $return .= 'Please <a href="' . $login_url . '">login.</a>';

}

echo $return

?>

Answer 2

I'm pretty sure I had trouble with this too... you need to make sure that you kill the Facebook session right after you delete the cookie, otherwise it will just pop back up... here's an example

  // Assuming that $facebook is your facebook object populated with your settings
  $facebook = new Facebook(array(
          'appId'  => FB_APPID,
          'secret' => FB_APPSECRET,
          'cookie' => true));

  $fb_key = 'fbs_'.sfConfig::get('app_facebook_application_id');
  set_cookie($fb_key, '', '', '', '/', '');
  $facebook->setSession(NULL);

Answer 3

I had the same problem and tried all the above, but then I suspected that the cookies names are not what I'm expecting them to be and indeed! So I just printed my cookies and check carefully which of them I want to remove:

//print the cookies just to make sure what is the exact name of the cookie
foreach ($_COOKIE as $key => $value) {
    print $key . "=" . $value . "</br>";
}

//delete
if (isset($_COOKIE['fbsr_' . $app_id])) {
    setcookie('fbsr_' . $app_id, $_COOKIE['fbsr_' . $app_id], time() - 3600, "/");
    setcookie('PHPSESSID', $_COOKIE['PHPSESSID'], time() - 3600, "/");

    unset($_COOKIE['fbsr_' . $app_id]);   
    unset($_COOKIE['PHPSESSID']);
}

This php script should run after calling to FB.logout in your js part:

function logout() {
    FB.init({appId: '[your app id]', status: true, cookie: true,xfbml: true});
    var flag = confirm("logout from your facebook account as well");
    if (flag) {
        FB.logout(function(response) { window.location='logout.php' });
    }
}