Ivan,
Apologies. I looked through our code, and indeed, that setting can change based on whether the user is logged in or not.
I did some more investigation of this issue today, and found the following 2 bug reports of similar issues:
stackoverflow.com/questions/8762756/face...-session-wont-delete
developers.facebook.com/bugs/23237779350...d1048c4b8b3884111464
Basically, Facebook isn't deleting their own cookie (as mentioned above) on some sites. We've only heard about this on your site, and possibly one others (we're still investigating), so it seems very uncommon. However, if you want to try to destroy the cookie yourself, the following code may work for you. In the /components/com_jfbconnect/controller.php file, in the logout function (at the bottom), add the following lines right before the $app->logout call:
$appId = $jfbcLibrary->facebookAppId;
unset($_COOKIE['fbsr_' . $appId]);
$app = JFactory::getApplication(); // ALREADY IN FILE
$app->logout();
You can use any browser's developer tools to check if the cookie exists before you click logout, and if it's properly destroyed after logging out. If not, let us know, and we'll try to come up with something else. Unfortunately, this seems to be a bug that Facebook introduced. While we'll be looking for workarounds, as there are other changes to their cookies that we need to accommodate, we may have to wait for them to fix this. Until then, if the above doesn't work, we'd recommend leaving the auto-login functionality disabled on your site.
Thanks,
Alex
Jomsocial logout button
