开发者

federated authentication - openid logout

开发者 https://www.devze.com 2023-02-01 19:30 出处:网络
Trying to use federated authentication with AppEngine. I have implemented the authenication part but it is the logout that is causing some problems. When the user clicks createlogouturl they will logo

Trying to use federated authentication with AppEngine. I have implemented the authenication part but it is the logout that is causing some problems. When the user clicks createlogouturl they will logout of my app but they will not be logged out of the federated provider. Stackoverflow seems to have this behavior as well. I understand that federated logout is not possible...

Google documentation says -

"You should strongly urge users that if using a computer that is not theirs, say a kiosk in a public venue, they should clear all cookies in addition 开发者_运维问答to logging out. (A less attractive alternative is to tell users to logout of your app then go to their OpenID provider's website and sign-out from there too.) "

I don't want to ask the user to clear cookies or go to the provider site and logout as well - Question Is there a way to automatically clear cookies (particularly ones set during login) once the user clicks logout?


Is there a way to automatically clear cookies (particular ones set during login) once the user clicks logout?

You can clear all the cookies from your own website by sending new, empty values... unless your website puts cookies in multiple sub-domains!

There is no way to clear cookies from other domains using a link on your page. Giving this power to Javascript could be disastrous. A bug in a single page could force me to re-login on all other websites, and it might take me a few times to notice the pattern. This could become highly annoying!

0

精彩评论

暂无评论...
验证码 换一张
取 消