I'm using the Facebook PHP SDK for simple login with extended permissions. I'm using the example code from the SDK docs, but I found that I need to manually clear out the FB session data otherwise if($user) comes back as true even though the user is logged out. I have the app going to logout.php upon logout; this page clears out the session vars and redirects to the app home page.

Once I clear out the FB session data, log in/log out works fine. However, it stops working if I pass $params to the getLoginUrl function. Once I pass any params (I've tried several), the login breaks, either by not bringing up the second extended permissions screen or by refreshing the app page w/out login success.

index page and logout page code follow.

index.php

<?php 

require 'services/facebook-php-sdk/src/facebook.php';

$facebook = new Facebook(array(
  'appId'  => '[APP_ID]',
  'secret' => '[SECRET]',
));

// Get User ID
$user = $facebook->getUser();

if($user) {
    try {
        // Proceed knowing you have a logged in user who's authenticated.
        $user_profile = $facebook->api('/me');
        $params = array('next' => 'http://'.$_SERVER["SERVER_NAME"].'/logout.php');
        $logout_url = $facebook->getLogoutUrl($params);
    } catch (FacebookApiException $e) {
        error_log($e);
        $user = null;
    }
} else {
    $login_url = $facebook->getLoginUrl($params = array('redirect_uri' => 'http://'.$_SERVER["SERVER_NAME"].'/', 'scope' => 'read_stream'));
}

?>
<!DOCTYPE html>
<html lang="en">
<head>
</head>
<body>

<?php if($user) { ?>
    <p><a href="<?php echo($logout_url); ?>">Log out</a></p>
<?php } else { ?>
    <p><a href="<?php echo($login_url); ?>">Log in</a></p>
<?php } ?>

</body>
</html>

logout.php

<?php 
session_start();

$fb_app_id = '[APP_ID]';

unset($_SESSION['fb_'.$fb_app_id.'_code']);
unset($_SESSION['fb_'.$fb_app_id.'_access_token']);
unset($_SESSION['fb_'.$fb_app_id.'_user_id']);
unset($_SESSION['fb_'.$fb_app_id.'_state']);
header('Location: http://'.$_SERVER["SERVER_NAME"].'/');
?>