I have an implementation for my website to have facebook single sign on, using their javascript sdk.
The javascript adds the cookie and I deal with it fine.
The question is related to when an user logs out of facebook, I would expect the auth.sessionChange or auth.logout events to fire, but that only occurs when the page is refreshed.
As my implementation is done server-side, this means that after the user logs out of facebook they can access one secure page one more time before being properly logged out.
Is this the normal case or do these events usually fire up straight away and I'm maybe doing something incorrect in configuration of the facebook app?