*If interested please see the answer from Foursquare on this issue as a comment to this post*
Please help, I'm still fighting with this :(
I've created a button that deletes all Foursquare related cookies. Checked with Firebug, when clicked the cookies are unset.
Also the same programming deletes the token inserted in the database when the user first logs in. Checked in the database, the row is deleted.
And here's what happens:
1. In a browser fresh with no cookies, a user logs in.
2. Cookies are set and a row with the token and user id is inserted in the database.
3. The user logs out.
4. Cookies unset and row deleted from database.
5. Now, a different user wants to log in. He/she clicks `<a href='".$authorizeUrl."'>Log in</a>` in my web app.
6. Foursquare login page shows, BUT before he/she can fill the form in, the page redirects back to my web app with the previous user token and info!
The only way I can do a clean start without point 6 happening is deleting all cookies from my browser manually :(
Any ideas will be appreciated, I don't know where to follow. Below is the code I'm using; please try it and you'll see how step 6 happens.
Thanks a ton
```php
<?php
ob_start();
require_once('includes/EpiCurl.php');
require_once('includes/EpiSequence.php');
require_once('includes/EpiFoursquare.php');

// Read the query parameter without raising an "undefined index" notice.
$logout = isset($_GET['logout']) ? $_GET['logout'] : null;
if ($logout == 'true') { /* I'm deleting all the cookies foursquare related just in case */
    $pastdate = mktime(0, 0, 0, 1, 1, 1970);
    // Expire each cookie by re-sending it with a timestamp in the past.
    setcookie("XSESSIONID", "", time() - 18600);
    setcookie("access_token", "", time() - 18600);
    setcookie("ext_id", "", time() - 18600);
    setcookie("LOCATION", "", time() - 18600);
    setcookie("access_token", "", $pastdate);
    setcookie("XSESSIONID", "", $pastdate);
    setcookie("ext_id", "", $pastdate);
    setcookie("LOCATION", "", $pastdate);
    setcookie("_chartbeat2", "", $pastdate);
    setcookie("__utmb", "", $pastdate);
    setcookie("__utmc", "", $pastdate);
    setcookie("__utma", "", $pastdate);
    setcookie("__utmz", "", $pastdate);
    $_SESSION['XSESSIONID'] = false;
    unset($_SESSION['XSESSIONID']);
}

$clientId = "yyyyyyyyy";
$clientSecret = "xxxxx";
$redirectUrl = 'mypage.php';
$fsObjUnAuth = new EpiFoursquare($clientId, $clientSecret);

// Authorization code returned by Foursquare on the redirect, if any.
$thecode = isset($_GET['code']) ? $_GET['code'] : null;
if (!isset($thecode) && !isset($_COOKIE['access_token'])) { // not in yet
    $authorizeUrl = $fsObjUnAuth->getAuthorizeUrl($redirectUrl);
    echo "<a href='".$authorizeUrl."'>Let's log in</a>";
} else { /* we're in */
    if (!isset($_COOKIE['access_token'])) {
        // Exchange the code for an access token and keep it in a cookie.
        $token = $fsObjUnAuth->getAccessToken($thecode, $redirectUrl);
        setcookie('access_token', $token->access_token);
        $_COOKIE['access_token'] = $token->access_token;
    }
    $fsObjUnAuth->setAccessToken($_COOKIE['access_token']);
    echo "we're in";
    echo "<br><a href='mypage.php?logout=true'>Logout</a>";
}
?>
```
Did you try changing the value of the expiration date of the cookie before you unset it? It seems that unset does not destroy the cookie.
You can't really "log out" per se. The token will never expire per Foursquare docs. You are doing everything correct on your end. You need to hit `https://foursquare.com/oauth2/authorize` instead of `https://foursquare.com/oauth2/authenticate`. Hitting `/authorize` will force the user to re-authenticate their identity (re-log in) and reauthorize your app, giving you a new access token to store locally for your app.