Federated Authentication - logging out of openid

I attempted to use federated authentication with AppEngine. I implemented the authentication part, but it is the logout that causes some problems. When the user clicks the createlogouturl button, they are logged out of my application, but they are not logged out of the federated provider. Stack Overflow also has this behavior. I understand that logging out of the federated provider is impossible ...

Google documentation says -

"You should urge users who use a computer that does not belong to them, say, a kiosk in a public place, to clear all cookies in addition to logging out. (A less attractive alternative is to inform users to log out of your application, then go to the OpenID provider website and log out there too.)"

I don’t want to ask the user to clear cookies or go to the provider's website and log out. Question: Is there a way to automatically delete cookies (in particular, those that were set during login) after the user clicks the logout button?

1 answer

Is there a way to automatically clear cookies (certain ones that were set during login) as soon as the user clicks the logout button?

You can clear all cookies from your own site by sending new, empty values... if your site does not place cookies in several subdomains!

It is not possible to clear cookies from other domains using a link on your page. Providing such a JavaScript feature could be disastrous. An error on one page could force me to log in to other sites again, and it might take me several times to notice the pattern. It can be very annoying!

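Added example, not part of the original answer: a sketch of what a logout response can and cannot clear, following the cookie scoping rules the answer relies on. The host names, cookie names and the `SAMPLE_COOKIES` inventory are constructed for illustration, and `logout_headers` is a hypothetical helper, not an App Engine API.

```python
EPOCH = "Thu, 01 Jan 1970 00:00:00 GMT"

def domain_matches(host, domain):
    """True if host equals domain or is a subdomain of it (cookie domain-match)."""
    host, domain = host.lower(), domain.lower().lstrip(".")
    return host == domain or host.endswith("." + domain)

def expire_header(name, domain=None, path="/"):
    """Set-Cookie value that overwrites a cookie with an empty, already-expired one.
    Domain and Path must repeat what was used when the cookie was set,
    otherwise the browser treats it as a different cookie and keeps the old one."""
    parts = [f"{name}=", f"Path={path}", "Max-Age=0", f"Expires={EPOCH}"]
    if domain:
        parts.append(f"Domain={domain}")
    return "; ".join(parts)

def logout_headers(request_host, cookies):
    """cookies: (name, host_that_set_it, Domain attribute or None, Path).
    Returns (Set-Cookie values this host may send, names it cannot clear)."""
    headers, unreachable = [], []
    for name, set_by, domain, path in cookies:
        if domain is None:
            # Host-only cookie: only the exact host that set it can replace it.
            reachable = request_host.lower() == set_by.lower()
        else:
            # Browsers ignore a Domain attribute the responding host does not match.
            reachable = domain_matches(request_host, domain)
        if reachable:
            headers.append(expire_header(name, domain, path))
        else:
            unreachable.append(name)
    return headers, unreachable

# Constructed inventory: what the browser holds after a federated login.
SAMPLE_COOKIES = [
    ("session", "app.example.com", None, "/"),            # our host-only cookie
    ("prefs", "app.example.com", "example.com", "/"),     # shared across subdomains
    ("cart", "shop.example.com", None, "/"),              # sibling subdomain, host-only
    ("idp_session", "provider.example.net", None, "/"),   # the OpenID provider's cookie
]

if __name__ == "__main__":
    sent, left = logout_headers("app.example.com", SAMPLE_COOKIES)
    for h in sent:
        print("Set-Cookie:", h)
    print("still set after logout:", left)
```

The provider's cookie ends up in the second list: no response from `app.example.com` can expire it, which is why the federated session survives the application logout.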

Source: https://habr.com/ru/post/1333389/
