Giang,
I just looked at your site. It's definitely a session token issue, but I'm not sure why. In both of the login modules there is a hidden 'token' for the user session. The token is different for both the SCLogin module and Login module, which is not correct. They should use the same token.
The token field looks like:
<input type="hidden" name="e342b10018b000b34b2404c6573903c1" value="1">
That is being inserted by the following line in our template file, which is how it's supposed to be done:
echo JHTML::_('form.token'); ?>
Do you have any template overrides setup for the SCLogin module? Is caching or any optimization plugin enabled on your site? I'd disable anything that's meant to speed things up on your site to see if that fixes the issue.
The Facebook login is likely affected by the same issue. We'll just need to understand why the session isn't being detected correctly by our module.
Thanks,
Alex