I’m using v3 of both the JS SDK and PHP SDK for Facebook Connect. When looking at the example code here, there’s a part that I’m wondering about (I compacted it somewhat due to length):
// Get User ID
$user = $facebook->getUser();

// We may or may not have this data based on whether the user is logged in.
//
// If we have a $user id here, it means we know the user is logged into
// Facebook, but we don't know if the access token is valid. An access
// token is invalid if the user logged out of Facebook.
if ($user) {
    try {
        // Proceed knowing you have a logged in user who's authenticated.
        $user_profile = $facebook->api('/me');
    } catch (FacebookApiException $e) {
        error_log($e);
        $user = null;
    }
}

// Login or logout url will be needed depending on current user state.
if ($user)
    $logoutUrl = $facebook->getLogoutUrl();
else
    $loginUrl = $facebook->getLoginUrl();
The large comment at the beginning and the position of the logout code concern me. They seem to imply that getUser() does not guarantee that getting a user id means that everything is valid; you still must contact Facebook again (in this example it’s just getting the user’s profile info) to completely verify that everything is fine. Is this true?
My reason for asking is that I want to cut out code (and in this case unnecessary backend requests) I don’t need, and for my purposes I don’t need the user’s entire profile on every single page load; I just need a FB ID if the user is logged in.
Your assumption is correct. Calling $facebook->getUser(); is a test in most cases. You’ll always have to check that the session is valid.
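
One way to keep the validity check without a Graph API round trip on every page load, as an added example that is not part of the original question, answer or Facebook's sample code: revalidate the token at most once per time window and fail closed when the check fails. The names `fbUserId`, `fb_checked`, `StubFacebook`, the 300-second window and the user ID are assumptions made for illustration.

```php
<?php
// Added example: revalidate the Facebook session at most once per $ttl seconds.
function fbUserId($facebook, array &$session, $ttl = 300, $now = null)
{
    $now  = $now === null ? time() : $now;
    $user = $facebook->getUser();              // local data only; token may be stale
    if (!$user) {
        unset($session['fb_checked']);
        return null;
    }
    $seen = isset($session['fb_checked']) ? $session['fb_checked'] : null;
    // Reuse the earlier check only for the same user and inside the window.
    if ($seen && $seen['id'] === (string) $user && $now - $seen['at'] < $ttl) {
        return (string) $user;
    }
    try {
        // Smallest request that still exercises the access token.
        $me = $facebook->api('/me', 'GET', array('fields' => 'id'));
    } catch (Exception $e) {                   // the SDK throws FacebookApiException
        error_log($e->getMessage());
        $me = null;
    }
    if (!isset($me['id']) || (string) $me['id'] !== (string) $user) {
        unset($session['fb_checked']);         // fail closed: treat as logged out
        return null;
    }
    $session['fb_checked'] = array('id' => (string) $user, 'at' => $now);
    return (string) $user;
}

// Constructed stand-in for the SDK object so the example runs offline.
class StubFacebook
{
    public $calls = 0, $tokenValid = true;
    public function getUser() { return '1000001'; }   // constructed sample ID
    public function api($path, $method = 'GET', $params = array())
    {
        $this->calls++;
        if (!$this->tokenValid) { throw new Exception('OAuthException'); }
        return array('id' => '1000001');
    }
}

$fb = new StubFacebook();
$session = array();                            // pass $_SESSION on a real page
fbUserId($fb, $session, 300, 1000);            // first load: remote check
fbUserId($fb, $session, 300, 1100);            // inside the window: no remote call
$fb->tokenValid = false;                       // user has logged out of Facebook
var_dump(fbUserId($fb, $session, 300, 1400), $fb->calls);
```

The window is the trade-off: until it expires, a user who has logged out of Facebook is still treated as logged in, so pages that perform sensitive actions should call with `$ttl` set to 0.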