I was banging my head against a Facebook Connect problem with one of my clients’ Rails apps recently, and I thought I’d share a useful tidbit I gleaned from the experience, in case it can spare someone else the headache I had.
This app originally supported just plain-old users who created an account at the site with a username and password. Then the client requested that I add Facebook Connect as an authentication option. Using the facebooker gem, most of the work was straightforward. If a user chooses the Facebook Connect option when signing up or logging in, a User record is created and a FacebookUser record is associated with that User. The real problem came with trying to log out a Facebook Connect user.
The trick that finally sealed the deal and got all browsers working similarly had nothing to do with the app, though… it was a browser setting. Safari had 3rd-party cookies enabled, and Firefox didn’t. Having that setting turned off prevented the logoutAndRedirect method from working as it should, thus preventing the redirect to the /logout URL. Having that setting turned on caused the Facebook cookies to almost immediately come back, when using just the server-side code to do the logout.
To get everybody logged out, then, regardless of cookie settings, the way to do it is to the use FB.connect.logout with a callback function that redirects to /logout. This successfully logs the user out of Facebook if he has third-party cookies enabled, and logs the user out of your app by destroying the current session even if he doesn’t.