diff --git a/Controller/Component/ConnectComponent.php b/Controller/Component/ConnectComponent.php
old mode 100644
new mode 100755
index b4bb56e..ed3935e
--- a/Controller/Component/ConnectComponent.php
+++ b/Controller/Component/ConnectComponent.php
@@ -142,8 +142,8 @@ private function __syncFacebookUser(){
 }
 // check if the user already has an account
- // User is logged in but doesn't have a
- if($Auth->user('id')){
+ // User is logged in but doesn't have a
+ if($Auth->user('id') && $Auth->user('facebook_id') == $this->uid){
 $this->hasAccount = true;
 $this->User->id = $Auth->user($this->User->primaryKey);
 if (!$this->User->field('facebook_id')) {
@@ -192,7 +192,7 @@ private function __syncFacebookUser(){
 */
 public function user($field = null){
 if(isset($this->uid)){
- if($this->Controller->Session->read('FB.Me') == null){
+ if($this->Controller->Session->read('FB.Me') == null || $this->Controller->Session->read('FB.Me.id') != $this->uid){
 $this->Controller->Session->write('FB.Me', $this->FB->api('/me'));
 }
 $this->me = $this->Controller->Session->read('FB.Me');
diff --git a/Vendor/base_facebook.php b/Vendor/base_facebook.php
old mode 100644
new mode 100755
index b5ac87b..fa73a88
--- a/Vendor/base_facebook.php
+++ b/Vendor/base_facebook.php
@@ -439,6 +439,11 @@ protected function getUserAccessToken() {
 // the JS SDK puts a code in with the redirect_uri of ''
 if (array_key_exists('code', $signed_request)) {
 $code = $signed_request['code'];
+ if ($code && $code == $this->getPersistentData('code')) {
+ // short-circuit if the code we have is the same as the one presented
+ return $this->getPersistentData('access_token');
+ }
+
 $access_token = $this->getAccessTokenFromCode($code, '');
 if ($access_token) {
 $this->setPersistentData('code', $code);
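Review bot: The added `$Auth->user('facebook_id') == $this->uid` is a loose comparison, so a logged-in user whose facebook_id is null compares equal to an empty or zero uid and is still treated as the linked account; `$this->uid` is assigned outside the hunk, so whether it can hold 0 here is not visible. Comparing as strings closes that gap: `if($Auth->user('id') && (string)$Auth->user('facebook_id') === (string)$this->uid){`. The same loose `==`/`!=` on ids appears in the `user()` hunk below (`FB.Me.id`) and in both base_facebook.php hunks (`code` and `user_id`). The re-added comment `// User is logged in but doesn't have a` is still cut off mid-sentence; finish it, e.g. `// User is logged in and the session's facebook_id matches the current Facebook user`. __syncFacebookUser starts and ends outside the hunk, and the file header also flips the mode to 100755, which a PHP source file does not need.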
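Review bot: The new `FB.Me.id` test carries no explanation of why the session's cached profile can belong to someone other than the current uid, which is the whole reason for the change; add `// the session may still hold /me for a previously connected account; refetch when its id differs from the current uid` above the condition. The condition itself has grown into one long line; pulling the second read into `$cachedId = $this->Controller->Session->read('FB.Me.id');` and testing `$cachedId != $this->uid` keeps it readable (the loose comparison is noted on the first hunk). user() continues past the hunk.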
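Review bot: The short-circuit returns whatever `access_token` is persisted without checking that one exists, so once `code` is stored but the token is absent, every later request presenting the same signed_request code returns that empty value and never reaches the exchange below, where the rest of the method (outside the hunk) presumably handles a code that cannot be exchanged; this assumes getPersistentData yields false for an unset key, as the SDK's default session store does. Require a stored token as well and compare the code strictly: `if ($code && $code === $this->getPersistentData('code') && $this->getPersistentData('access_token')) {`. The comment should also say why the exchange is skipped, e.g. `// the code was already exchanged on an earlier request; an OAuth code is single-use, so reuse the stored token`. getUserAccessToken starts and ends outside the hunk.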
@@ -524,6 +529,10 @@ protected function getUserFromAvailableData() {
 if ($signed_request) {
 if (array_key_exists('user_id', $signed_request)) {
 $user = $signed_request['user_id'];
+ if($user != $this->getPersistentData('user_id')){
+ $this->clearAllPersistentData();
+ }
+
 $this->setPersistentData('user_id', $signed_request['user_id']);
 return $user;
 }
@@ -1143,10 +1152,16 @@ protected function getHttpProtocol() {
 }
 return 'http';
 }
+ /*apache + variants specific way of checking for https*/
 if (isset($_SERVER['HTTPS']) &&
 ($_SERVER['HTTPS'] === 'on' || $_SERVER['HTTPS'] == 1)) {
 return 'https';
 }
+ /*nginx way of checking for https*/
+ if (isset($_SERVER['SERVER_PORT']) &&
+ ($_SERVER['SERVER_PORT'] === '443')) {
+ return 'https';
+ }
 return 'http';
 }
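Review bot: `$user != $this->getPersistentData('user_id')` also fires when no user_id has been persisted yet, because an unset key reads back as false in the SDK's default store (not visible here), so a user's very first request wipes every persisted key, which would include the login `state` value if clearAllPersistentData drops it as in the upstream SDK; it is also a loose comparison on ids. Clear only when a different id is actually stored: `$storedUser = $this->getPersistentData('user_id');` followed by `if ($storedUser !== false && (string)$user !== (string)$storedUser) {`. A one-line comment states the intent: `// a different Facebook user arrived in the signed request: drop the previous user's token and state`. getUserFromAvailableData continues past the hunk.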
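Review bot: The nginx branch infers the scheme from the listen port, so TLS terminated on any port other than 443 still yields 'http' and plain HTTP served on 443 yields 'https'; since this value presumably feeds the redirect_uri built elsewhere, a wrong answer breaks the OAuth round trip. A port-based fallback is acceptable, but the comment should say what it assumes: `/* nginx without a HTTPS fastcgi_param: fall back to the port; assumes TLS is only served on 443 */`, and the preferred fix is `fastcgi_param HTTPS on;` in the nginx server block so the `$_SERVER['HTTPS']` branch above handles it. The comment style `/*apache + variants ...*/` without inner spaces also differs from the rest of the file's comments. getHttpProtocol starts outside the hunk.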