Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cookie Not Being Cleared On Logout #21

Closed
d6veteran opened this issue Dec 23, 2010 · 5 comments
Closed

Cookie Not Being Cleared On Logout #21

d6veteran opened this issue Dec 23, 2010 · 5 comments
Labels
Authentication Facebook Workflow

Comments

@d6veteran
Copy link
Owner

Reproduce:

  1. Login to Facebook as User A (who has authorized GB).
  2. Logout of Facebook.
  3. Login to Facebook as User B (who has authorized GB).
  4. Go to GB App page on Facebook.
  5. User B will see User A's profile including Brag box. User B should see User B's profile when going to the application. The default landing page for the application should be the profile of the logged in user.
@d6veteran
Copy link
Owner Author

What's odd is that if I logout from the GB app page, I don't also get logged out of Facebook. Is that how it should work . . . ??

I need to go to a couple sites using FB connect . . . I guess that's probably right:

  1. If you log into Facebook, you are also logged into 3rd party site.
  2. If you log out of 3rd party site, you do NOT log out of Facebook.
  3. If you log out of Facebook, you are also logged out of 3rd party site.

It seems like there should not be an option to log out of the 3rd party site without also logging out of Facebook. Right? Like you can log out of Facebook, but not log out of GB on it's own. In other words the concept of logging in an out is really only Facebook, and GB simply logs you in and out under the covers, based on inspecting the FB Cookie (to see if you are logged into FB or not).

Right?

@d6veteran
Copy link
Owner Author

I'm not sure if the latest version was a fix for this but I still see this behavior.

@sampyxis
Copy link
Contributor

sampyxis commented Jan 3, 2011

So, if you log out of FB - is there a way to force the user to log out of GB if it's not open? Probably not.

We'll need to put a check in on the open of the GB page to make sure we not only get the cookie from the user - but first check that it's the currently logged in user for the FB session.

@sampyxis
Copy link
Contributor

sampyxis commented Jan 3, 2011

Ok
It works if when the user first goes to the gb site - we force them to go to this url /auth/login - that works with the fb session and makes sure we have the correct user.

So, in the code we can either force them there (maybe sloppy since the url isn't clean) - or duplicate the code to do the login handler

@sampyxis
Copy link
Contributor

This works now - and actually - we've switched it so we're just following what the user is doing with FB - if they are logged in to FB and they have added GreenBean - then they'll automatically be logged in here.

This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Authentication Facebook Workflow
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@d6veteran @sampyxis