FB login opening other user

3 years 2 months ago - 3 years 2 months ago #66998 by eashery
Hi,

We deleted a user who registered using FB login credentials. Now, when he tries to connect again to our website, in spite of creating his new account, the respective person gets logged in as another user. This is a really strange issue. Please let me know how to fix this issue.

Thanks
Last edit: 3 years 2 months ago by eashery.
The topic has been locked.
Support Specialist
3 years 2 months ago #66999 by alzander
JFBConnect stores a link between the user's social network account and their Joomla user account in the #__jfbconnect_user_map account. When you delete a user, the row in that table for the user should also be deleted.

Even if that row wasn't deleted, if the user attempts to login with their social network, the Joomla user ID shouldn't exist anymore so it shouldn't log them in at all (and definitely not with a random, incorrect user).

With all that said, I'd go into the JFBConnect -> Usermap admin area and search for the user. If there is still a row associated with their old account or their social network, delete it. You can also search for the Joomla user they are being logged in as and make sure it is not linked to the wrong social account.

You can alternatively check the database directly by searching for the j_user_id field for the original, new or incorrect Joomla user IDs.

I hope that helps point you in the right direction. This isn't something we've seen before, so we'd love to hear if and how you resolve it. If you need more from us, just let me know.

Thanks,
Alex
3 years 2 months ago #67001 by eashery
Hi Alex, when I deleted the user from admin, it deleted the user from the table #__jfbconnect_user_map. I checked the same in the JFBConnect -> Usermap admin area.

The problem is that when the same person tries to register/login again using the same FB account, it does not create an account. It updates the access token of some other user, and that other user automatically gets logged in.
Support Specialist
3 years 2 months ago #67017 by alzander
There are only 2 ways that JFBConnect should be linking or updating a Joomla user based on their Facebook account info:

1) If they already have linked their Facebook account to your site and there is a row in the user_map table with their Facebook ID and the Joomla user ID of the account it's associated with.
If the Joomla account that is being updated is always the same, search the j_user_id column of this table for the Joomla ID of the user to see if a row matches.

2) If no row exists for that j_user_id, then the other way JFBConnect would automatically update or link the Facebook account to the Joomla account is if their email addresses are the same between FB and Joomla. Check/ask the user what their Facebook email is and see if it matches some other user on your site. If so, that is why the two are linked.

Beyond that, we don't know of any reason that a Facebook account would update a different Joomla account. If that is still happening, please let us know as many details as you can:
* Is it always the same Joomla account or a different one?
* Is there any connection between the 2 accounts (do the users know each other, etc) or are they completely unrelated to each other?
* Is the Joomla account linked to a Facebook or other social network account?

Thanks,
Alex
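
Added example (not part of the original thread and not JFBConnect code): a read-only audit of the two linking paths described in the post above, run against a constructed SQLite copy of the tables. The `jos_` prefix, the `provider` and `provider_user_id` column names and all sample rows are assumptions; only the table name and `j_user_id` come from the thread.

```python
import sqlite3

def build_sample_db():
    # Constructed sample data; "jos_" stands in for the site's real #__ prefix.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE jos_users (id INTEGER PRIMARY KEY, username TEXT, email TEXT);
        CREATE TABLE jos_jfbconnect_user_map (
            id INTEGER PRIMARY KEY, j_user_id INTEGER,
            provider TEXT, provider_user_id TEXT);  -- last two names are assumed
        INSERT INTO jos_users VALUES
            (42, 'admin', 'owner@example.test'),
            (57, 'staff1', 'staff@example.test');
        INSERT INTO jos_jfbconnect_user_map VALUES
            (1, 42, 'facebook', 'fb-1001'),
            (2, 57, 'facebook', 'fb-1002'),
            (3, 42, 'facebook', 'fb-1002'),   -- same Facebook ID on two accounts
            (4, 99, 'facebook', 'fb-1003');   -- Joomla user 99 was deleted
    """)
    return db

def orphaned_rows(db):
    """Map rows whose j_user_id no longer exists in the users table."""
    return db.execute("""
        SELECT m.id, m.j_user_id FROM jos_jfbconnect_user_map m
        LEFT JOIN jos_users u ON u.id = m.j_user_id
        WHERE u.id IS NULL ORDER BY m.id""").fetchall()

def shared_social_ids(db):
    """Social IDs linked to more than one Joomla account."""
    return db.execute("""
        SELECT provider, provider_user_id, COUNT(DISTINCT j_user_id)
        FROM jos_jfbconnect_user_map
        GROUP BY provider, provider_user_id
        HAVING COUNT(DISTINCT j_user_id) > 1""").fetchall()

def email_match(db, social_email):
    """Joomla accounts whose email equals this address (case-insensitive here)."""
    return db.execute(
        "SELECT id, username FROM jos_users WHERE LOWER(email) = LOWER(?) ORDER BY id",
        (social_email,)).fetchall()

if __name__ == "__main__":
    db = build_sample_db()
    print("orphaned:", orphaned_rows(db))
    print("shared:", shared_social_ids(db))
    print("email match:", email_match(db, "Owner@Example.test"))
```

Any row returned by `email_match` for a Super User or staff account is worth reviewing first, since that is the account an email-based link would attach the social login to.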
3 years 2 months ago #67018 by eashery
Yes, those users have a relation: their FB profile photo and last name are the same.

Surprisingly, the super user also got linked to a user, and thank god that other user is our staff member. That is why we are a bit concerned now. If our staff member's account can be linked in a wrong way, then other users might be facing this issue.

I will check the points you mentioned and will share more details tomorrow.
Support Specialist
3 years 2 months ago #67019 by alzander
Are you using the same computer to log in and out of different accounts? The only other thing I can imagine happening here is a scenario like:
* User A opens a tab to your site, but does not login
* User B opens a separate tab to your site and logs in
* Then, in User A's tab (which still shows the site as logged out) attempts to login with a Facebook account

In this specific scenario, it is likely that User B's Facebook account will become associated with User A's Joomla account. The reason is that after User A logs in, there are cookies set in the browser saying that user A is logged in. When user B clicks the login w/ Facebook button, the cookies that say A is already logged in are sent to Joomla and JFBConnect would think that user A is trying to connect their Facebook account.

The cookies are hashes of session data, so it's not like they could be spoofed by a user to fake they are logged in. That's basic security, but if you're on a shared computer and not logging out after a session is complete, the above scenario is likely possible.

Let me know if that makes sense as well.

Thanks,
Alex