Facebook Connect is great when it works, but like with any SAAS solution, if they go down, your site does too.
The latest bug is especially annoying, as it had previously arisen in December and was fixed by Facebook the following day. The current incarnation is (as of now) still not fixed, 3 days later. It manifests itself in people being unable to log out of websites that use Connect.
The root problem, as I see it, is that the “domain” for the fbsr_ cookie that Facebook sets on your domain, suddenly changed from “www.yourdomain.com” to “.www.yourdomain.com”, which the Facebook SDK is unable to remove. I suspect the problem is in the Javascript SDK, which they host, but it may be in the PHP SDK for all I know. But regardless, this is a bug on the Facebook platform that causes it.
To work around it, download the excellent cookies project from Google Code and reference it in your logout page. Then do this
var fbsr_cookies = jaaulde.utils.cookies.filter(/fbsr_/); for (c in fbsr_cookies) { jaaulde.utils.cookies.del(c, { path: '/', domain: '.' + location.host }); }
There are much shorter ways of coding this yourself using regexes, but this works. I do hope they fix this soon, and prevent it from coming back in the future.
Alas, sometimes you get what you pay for, and Facebook is free.