I have an implementation for my website to have facebook single sign on, using their javascript sdk.
The javascript adds the cookie and I deal with it fine.
The question is related to when an user logs out of facebook, I would expect the auth.sessionChange or auth.logout events to fire, but that only occurs when the page is refreshed.
As my implementation is done server-side, this means that after the user logs out of facebook they can access one secure page one more time before being properly logged out.
Is this the normal case or do these events usually fire up straight away and I’m maybe doing something incorrect in configuration of the facebook app?
Almost 1/2 years later, i don’t know if it’s useful, but i try those things myself and observed that the subscribe solution doesn’t work if i log in/out of facebook from their site(not from the current page that contains FB object, like using FB.login()).
Also by constantly polling getLoginStatus and getSession, nothing changes if i log in/out of facebook (!from their site).
My conclusion?! Their script is completely unsynchronized with the real events on facebook.
The only way that worked for me is to constantly do FB.ini(…).(it’s like having a constant refresh)
I hope that it will be useful to other ppl having the same problem….?!?