And you are running a back-end, where you want to forget FB session (is there a better way?), then you can use the following:
$facebook = new Facebook($fb_config);
Yeah… I know… stupid easy. I kept wondering why, despite logging out, I was still pulling FB user id on the client side.
Update: used to do setSession( NULL ), which was wrong… not sure how I didn’t notice that. Anyway, destroySession works now. My apologies.