The Facebook SDK uses a session state machine to control the session lifecycle.
A typical lifecycle from login through logout is illustrated below. In the example, we look for a cached token at app launch to provide an initial logged in experience if a token is available. If the token is not present, we show a login UI, where the user can touch a button to initiate the login process. After that, an authenticated user can be asked for additional permissions during app use, which kicks off a new permissions request flow that will trigger a UI to ask the user for the permissions. Finally, the authenticated user can log out of the app by clicking on a logout button.