This can be a bit tricky. Basically Facebook stores a bunch of cookies on the user’s browser that are namespaced to your application id (ie. 12345_fb_sig=etc). These cookies are used to tell your FB Connect app that the user has logged in to Facebook, and pass along the facebook session id. But if the user goes somewhere else and logs out, these cookies don’t get cleared, and as far as your Connect site is concerned, the user is still logged in. If the user comes back later and you try an API call with that session key, it will fail.

You can clear these cookies from a server-side library call to the PHP FB API client, $facebook->api_client->clear_cookie_state(), however, I wouldn’t recommend this method. It requires you to make some kind of API call on each page load in order to confirm that the session key is still valid, and that adds a lot of overhead.

Generally, the best way to handle this is with the FB Javascript libraries that you’re already utilizing for FB Connect. You can add a parameter to the FB.init() call used to set up FB Connect that will force a page refresh if the client’s session state has changed:

FB.init("<YOUR-API-KEY>", "<YOUR-CROSS-DOMAIN-CHANNEL-URL>", {"reloadIfSessionStateChanged":true}); 

It’s a bit inelegant, as the user will see a page reload happening, but it’s likely the best way to be sure. I would highly recommend you check out the Detecting Connect Status wiki page for more on these techniques.