Facebook JS SDK FB.logout() doesn't terminate user session

Question

I'm attempting to log a user out of facebook with the Facebook JS SDK, however calling:

FB.logout(function(response){
    console.log(response);
});

returns: response.status == "connected"

And only after refreshing the page does the SDK realize that the session has ended. Anyone know what could be causing this behavior? This code previously worked in my application and has recently started behaving this way.

Another example using FireBug:

Answer 1

As i have spent lots of time to find out exactly what is happening in the FB logout, felt better to share it here for others.

First thing, Please read the documentation here

A person logs into Facebook, then logs into your app. Upon logging out from your app, the person is still logged into Facebook.

this point killed 90% my of time. When i have logged in from facebook.com and trying to test login button in my application, it worked as expected, but logout was not terminating the session.

Solution or Fix: As per the scenarios given in the document, it will not terminate the user session, as the login is not initiated from the app, it is from facebook.com. so in this case, fb will not terminate the session.

When you login into fb, from your app (fresh login as username and password), system consider the source/trigger of the session as your app. so when you do logout (window.FB.logout or FB.logout) it will terminate user session completely.

So please logout from facebook.com before testing login functionality in your app.

As other mentioned, use below code to logout

FB.logout(function(response) {
 // response from logout will have authResponse with access_token so better to test the status as it will return "unknown"
 if(response.status !== "connected") { } \\ do some check on the status of the login before considering successful logout.
});

Last but not least: to test from localhost, please update the settings in FB APP

1. Update App Domains to localhost
2. Site URL under Websites to http://localhost:3000/

This will solve issues faced in testing from localhost

Answer 2

FB.logout(function(response) {
  ...
});

This FB.logout method is working 100%. The problem is that users are trying to call it from localhost which is not working.

Please try call it from server.

Answer 3

in asp.net mvc application i did it as following.

---

<a href="javascript:void(0);" class="logOff">Log out</a>

---

$(function () {


    $(".logOff").click(function () {

        //check if logout is 
        FB.getLoginStatus(function (response) {
            console.log('inside login status');
            if (response.status === 'connected') {
                // the user is logged in and has authenticated your
                // app, and response.authResponse supplies
                // the user's ID, a valid access token, a signed
                // request, and the time the access token 
                // and signed request each expire
                var uid = response.authResponse.userID;
                var accessToken = response.authResponse.accessToken;
                FB.logout(function (response) {

                    FB.Auth.setAuthResponse(null, 'unknown');

                });
            } else if (response.status === 'not_authorized') {
                // the user is logged in to Facebook, 
                // but has not authenticated your app

            } else {
                // the user isn't logged in to Facebook.
                console.log('response status not logged in');
            }
        });
        window.location.href = '@Url.Action("LogOff", "Account")';

    });

Answer 4

It may be doesn't work because you don't include your Facebook app key. It works for me like this:

 Ext.get('auth-logoutlink').on('click', function(){   
                  FB.getLoginStatus(function (response) {
                    if (response.authResponse) {
                       window.location = "https://www.facebook.com/logout.php?confirm=1&api_key=**MYAPIKEY**&next=" +
                         '**MYWEBSITEURL**' +
                         "&access_token=" + response.authResponse.accessToken;
                    } else {
                       //HIDE **LOGOUT BUTTON**
                       //SHOW **LOGIN BUTTON**
                    }
                  });
        }); 

Answer 5

Ok guys I found a solution for this:

Put up onClick event for the logout <a> tag like this

onclick="FB.logout(function() { document.location.reload(); });"

All together:

<a href="#" 
   id="auth-logoutlink"
   style="float:left;font-size: small;"
   onclick="FB.logout(function() { document.location.reload(); });">
   [logout]
</a>

Answer 6

It appears broken in Facebook. On FB rell you can login but the logout function does nothing. http://www.fbrell.com/auth/all-in-one

Answer 7

I've faced similar kind of problem. I've used FB.getLoginStatus() after Logout.

Answer 8

https://developers.facebook.com/bugs/245362365535898?browse=search_4f112135664703a96454690 This is a bug in the JS SDK that has now been fixed and it should get pushed in not too long.
Until then you can do the following

FB.logout(function(response) {
  FB.Auth.setAuthResponse(null, 'unknown');
  ...
});

Answer 9

See http://hustoknow.blogspot.com/2012/01/dealing-with-zombie-facebook-cookies.html

When you logout, a cross-domain request gets sent to Facebook to invalidate the session. When you hit reload, another request gets sent to Facebook's site -- since FB recognizes the cookie as invalid, it correctly deletes the cookie from your browser.

I suspect it's a regexp bug in how they forgot to parse the fbm_ cookie, recently introduced in the last day or so. I'm just surprised that this fix hasn't been pushed.

Answer 10

I have the same experience with the FB.Logout() not working as advertised. As a workaround I use the below javascript function to check if the user is logged in and if so, redirect to https://www.facebook.com/logout.php with the URL of the subsequent page to load and their access token:

    function reallylogout() {
      FB.getLoginStatus(function (response) {
        if (response.authResponse) {
           window.location = "https://www.facebook.com/logout.php?next=" +
             'URL to redirect to' +
             "&access_token=" + response.authResponse.accessToken;
        } else {
           $("#loginButtonDiv").show();
           $("#logoutButtonDiv").hide();
        }
      });
    }

The show/hide bit is just jQuery to show or hide divs that have a login and logout button in them. The logout button's onclick triggers the reallyLogout() function.

This works for my app.