User stays logged in after FB logout

Jan 28, 2008 at 12:17 AM
Heres the situation:
1) User A logs in to Facebook and navigates to app
2) User A logs out of facebook
3) Type app url in (http://apps.facebook.com/xxxxx) and it still thinks User A is logged in
4) Log into FB with User B account and navigate to app
5) App still thinks User A is logged in.

This problem has been discussed here before but none of the proposed solutions are working for me. I have an iframe app using the latest Toolkit libraries. I am using a master page to handle security which extends the CanvasIFrameMasterPage:

public partial class Default : CanvasIFrameMasterPage
{
protected void Page_Init(object sender, EventArgs e)
{
base.Api = FACEBOOKAPIKEY;
base.Secret = FACEBOOK_SECRET;
base.Page_Init(sender, e);
}
}

Any thoughts on how to fix this problem?
Jan 30, 2008 at 2:33 AM
Well I fixed the problem that happens when another person logs in - that one was my own fault for using a different session variable from the one that the Toolkit uses. However I still have the problem that a session stays active after a user logs out. If no one else logs in and the user forgets to close the browser, someone could view the app under his/her account (basically steps 1-3 above).

Shouldn't the toolkit see the lack of session string and redirect to the login page?
Feb 2, 2008 at 2:01 AM
Hello mate,

Im facing the same problem.

As you said, only if the user closes the browser, the session will be cleared.

You said that you fixed the problem when another logs in. would you please explain more?

Feb 2, 2008 at 7:19 AM
It turns out if you use the base canvas page provided by the toolkit, in my case CanvasIFrameMasterPage, it will automatically take care of the problem of another user logging in.

I still don't have a solution for the user logging out and no one else logging in.