Facebook caught lying? (blog.arunbalan.in)
38 points by asto on Oct 2, 2011 | 8 comments


It’s something of a hopeless pipe dream, but what the internet really needs is an upgrade to the HTTP protocol to allow persistent connections like telnet. When HTTP was designed, they never imagined people would “log in” to sites, and as such, the protocol is horribly designed for doing so. Not defending Facebook here, but the problem is a symptom of that poor protocol design.


Excuse my French, but what does that have to do with anything?

The issue at hand is about Facebook not respecting your request to log out of their service. "Log out" means "I'm going away. Do not assume anyone on this computer is me anymore."

Facebook deliberately choose to ignore this convention, and continue to track users using various methods in order to gather more information for their purposes.

What Facebook should have done was delete all Facebook cookies - end of story.

How that is related to the pros and cons of HTTP is beyond me.


To avoid this kind of problem, we need better privacy features in web browsers: better control over accepting / rejecting cookies, blocking trackers, hiding information which is usable for browser fingerprinting, etc. Today, this is possible with extensions, but I think it should be the default in the future.


tl;dr Facebook not caught lying.


Facebook apparently knows that "these people used the same computer". This is not evidence of cookie-based tracking, though: they could just be using the IP address.


IP address is not accurate enough to reliably ascertain such a thing. First, there's the problem of NAT. Second, there's the problem of dynamic IPs. My IP address changes every time my modem is switched back off and switched back on. I'm sure a lot of other Facebook users don't have static IPs as well.

Point I'm making: This data is important to them and they're recording it. They have an easy and reliable way to access this data through persistent cookies which they've - ahem - left on user clients by mistake. A lawyer would call that circumstantial evidence. Of course, I can't be fully sure of my accusation. Hence the question mark.


JoachimSchipper is right that it doesn't have to involve cookies, and so are you that IP addresses aren't enough.

Facebook could be using the same methods as Panopticlick (http://panopticlick.eff.org/), which are incredibly effective assuming the two users log in from the same browser.




