Facebook PHP SDK: getAccessToken not correct on refresh

Question 1

It is not recommended to call getAccessToken(); over and over the way you described.

You should try first to see if the token is in the browser as a session and if not then try to use the SDK to find or request it.

Check browser for a user, if no user call sdk for user, if still null or 0 auth or reauth.
If user, check browser for access_token, if no token call sdk for token.

<?php
session_start();
include('config.php');
require('phpsdk.php');
    // need to replace Your_App_ID and YourAppId with your applications id. 
    $facebook = new Facebook(array(
        'appId'  => 'Your_App_ID',
        'secret' => 'Your_App_Secret',
        'cookie' => true, // enable optional cookie support
    ));    
    if(isset($_SESSION['fb_YourAppId_user_id'])){
        $user = $_SESSION['fb_YourAppId_user_id'];  
    }else{
        $user = $facebook->getUser();
    }
    if($user){
        if(isset($_SESSION['fb_YourAppId_access_token'])){
            $access_token = $_SESSION['fb_YourAppId_access_token'];
        }else{
            $access_token = $facebook->getAccessToken();
        }
    }   
echo $user;
echo "<br /><br />";
echo $access_token;
?>

Question 2

Clearing the Facebook Session with php sdk in redirect when user logs out.

Logout.php redirect user and use sdk to clear session data.

example redirect url. yourdomain.com/Logout.php?destroy=true

refer to: https://developers.facebook.com/docs/reference/php/facebook-destroySession/

<?php
session_start();
require './src/facebook.php';
$facebook = new Facebook(array(
  'appId'  => 'appID',
  'secret' => 'appSecret',
  'cookie' => true, // enable optional cookie support
  ));
 if(isset($_GET['destroy'])){
   $facebook->destroySession(); 
 }
?>