[OpenID] general Logout / Signout Problem with OpenID

Bill Shupp hostmaster at shupp.org
Thu Jul 23 17:03:01 UTC 2009


Check out these links:

http://openid.net/pipermail/general/2009-May/008888.html
http://www.sociallipstick.com/2009/05/logout-the-other-half-of-the-identity-equation/

There is even more on this topic in the archives if you search around  
a bit.  I personally don't buy the "public computer" argument, as  
you're open to a lot of problems (key loggers, etc) in that scenario,  
and you should at the very least clear cookies of the browser you used  
when you leave.

Cheers,

Bill Shupp


On Jul 23, 2009, at 4:50 AM, zlzc2000 wrote:

>
> Dear Forum,
>
> I'm developing an OpenID solution using the Java library openID4java.
> After a user signed in, I can manage the logout for my website. But if
> the user clicks the OpenID login button again, my site implicitly
> redirects the request to, for example, the Google server, which still
> has an "open" session. Therefore Google verifies my request positively
> and the user re-logs in without giving a password again, which means
> that my site constructs a new session with the old user account.
> This would be a problem if someone in a public place logs off the page
> and 2 minutes later someone else is able to "continue" his session.
> I didn't find any API call to finish the session for the OpenID server.
> Maybe someone has a hint for me to resolve this problem.
>
> Thanks a lot!
>
> Regards,
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
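
The following is an added example, not part of either message in this thread and not openid4java code: a relying-party check for the silent re-login described in the question, using the OpenID Provider Authentication Policy Extension (PAPE), which the thread does not mention. The request asks the provider for a fresh login with `openid.pape.max_auth_age`, and the relying party then verifies the signed `openid.pape.auth_time` itself. The function names and sample responses are constructed for illustration, and the response signature is assumed to have been verified by the OpenID library already.

```python
from datetime import datetime, timedelta, timezone

PAPE_NS = "http://specs.openid.net/extensions/pape/1.0"

def pape_request_params(max_auth_age=0):
    """Parameters to add to the authentication request; 0 asks for a fresh login."""
    return {"openid.ns.pape": PAPE_NS,
            "openid.pape.max_auth_age": str(max_auth_age)}

def login_is_fresh(response, sent_at, max_auth_age=0, skew=timedelta(seconds=60)):
    """True only if the signed response says the user authenticated recently.

    Assumes the response signature was already verified by the OpenID library.
    Anything missing, unsigned or unparsable counts as stale, because the OP is
    free to ignore max_auth_age and answer from its existing session.
    """
    # The OP chooses its own alias for the PAPE namespace in the response.
    alias = next((k[len("openid.ns."):] for k, v in response.items()
                  if k.startswith("openid.ns.") and v == PAPE_NS), None)
    if alias is None:
        return False
    # openid.signed lists the signed fields without the "openid." prefix.
    signed = response.get("openid.signed", "").split(",")
    if f"{alias}.auth_time" not in signed:
        return False
    try:
        auth_time = datetime.strptime(response[f"openid.{alias}.auth_time"],
                                      "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    except (KeyError, ValueError):
        return False
    return auth_time >= sent_at - timedelta(seconds=max_auth_age) - skew

# Constructed sample responses (not captured traffic); request sent at 12:00:00Z.
SENT_AT = datetime(2009, 7, 23, 12, 0, 0, tzinfo=timezone.utc)
REUSED_SESSION = {"openid.mode": "id_res", "openid.ns.pape": PAPE_NS,
                  "openid.signed": "mode,ns.pape,pape.auth_time",
                  "openid.pape.auth_time": "2009-07-23T11:40:00Z"}
FRESH_LOGIN = dict(REUSED_SESSION, **{"openid.pape.auth_time": "2009-07-23T12:00:20Z"})
UNSIGNED = dict(FRESH_LOGIN, **{"openid.signed": "mode"})
NO_PAPE = {"openid.mode": "id_res", "openid.signed": "mode"}

if __name__ == "__main__":
    for name in ("REUSED_SESSION", "FRESH_LOGIN", "UNSIGNED", "NO_PAPE"):
        print(name, login_is_fresh(globals()[name], SENT_AT))
```

A relying party that gets `False` here would refuse to create its local session rather than accept the assertion that came from the provider's existing session.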



