[OpenID] general Logout / Signout Problem with OpenID
zlzc2000
zlzc2001 at hotmail.com
Thu Jul 23 11:50:13 UTC 2009
Dear Forum ,
Im developing a OpenID solution using the Java library openID4java. After a
user signed in, I can manage the Logout for my Website. But if the user
klicks the OpenID-login button again, my site redirects the request implicit
to the for example google server wich still has a "open" session. Therefore
goole veryfies my request positive and the user relogs in without giving a
passwort again, wich means that my site
constructs a new session with the old useraccount.
This would be a problem, if someone in a public place logs of the page and 2
minutes later someone else is able to "continue" his session.
I didnt find any API call to finish the session for the OpenID server maybe
someone has a hint for me to resolve this problem ,
thanks a lot !
regards,
--
View this message in context: http://www.nabble.com/general-Logout---Signout-Problem-with-OpenID-tp24624173p24624173.html
Sent from the OpenID - General mailing list archive at Nabble.com.
More information about the general
mailing list