Log in with a different user

[topless]

Consider the case where I sign in at gae-init with my Google account. I changed my mind and I want to sign in with my corporate account.

I hit the sign out button and trying to sign in again, but the service logs me in with my existing running session.

The expected behavior would be to give you the option if you want to change the account you want to sign in.

[mdxs]

You didn't log off / sign out of your current (private) Google account yet, so that is still an active login for the browser. When you do sign out of Google before signing in to the gae-init based application, then it asks for credentials and it (the Google page) offers you to use another account instead.

Alternatively, when I'm logged in to both my Google accounts at the same time, then Google (on sign in to the gae-init based app) offers me to select between these two accounts. Signing off, hitting sign in, and the Google page allows me to easily switch between the two (at least using Chrome it does, in my case).

Then if I (using Google) log out of one of them, then the gae-init based app on sign in via Google fast forwards into the active currently logged in account. Logging out of that one also (but not closing the browser; at least not in my testing), the Google intermediate page shows me the two accounts from which I can select, but it then asks for credentials of these.

Not sure if this limited testing is sufficient to close the issue with "works for me", but it seems that some behavior as requested does already work. That the gae-init based app doesn't clarify that to the user... not sure if other sites would do that either.

[mdxs]

Hmmm, the following scenario might be more problematic IMO: open Chrome, login to Google on first tab, sign in to GI-app (gae-init based app) with Google on second tab, log out of Google on first tab, close the browser; open Chrome again (in my case I can see that I'm not logged into Google at that point), open second tab and go to GI-app... huh? I'm signed in already.

It is however consistent with GitHub; if you don't explicitly sign off (from GI-app or GitHub), then closing browser will not automatically sign you out of them. Tabs might be closed on restart of the browser, but going to the sites has you signed on directly (no questions asked). So I guess it counts as a feature; and if the GI-app requires more security, it may need to do some more (does someone have a suggestion? I was thinking of checking the/a session cookie that expires when browser/tab/session is closed).

Another test: log in to Google on 1st tab, sign in to GI-app on 2nd tab, close browser, kill system tray Chrome thingy, start browser, (in my case) already logged in to Google on 1st tab (I expect due to my settings in Chrome), open 2nd tab and go to GI-app: not signed in. I guess the Chrome system tray keeps some stuff open, so the experience above might be different on other browsers/OSs.

[lipis]

You have to do something among these lines: http://stackoverflow.com/a/14322756/8418

But if you turn the Federated Login on from the Application Settings of your app, whenever you're signing out and back in it asks you every time to choose an account and you have an option to add a new one..

Is that solving the initial problem @topless?

[lipis]

Try it on http://gae-init.appspot.com/signin/

[lipis]

@mdxs Can you verify that after signing out you can login with another user even if you're didn't sign out from Google on http://gae-init.appspot.com/signin/ using the Google sign in?

[mdxs]

Confirmed that if I'm using both my Google accounts at the same time (such that in GMail I can switch between both by clicking on my Photo / Avatar) it works as follows:

When I'm logged in to both my Google accounts at the same time, then Google (on sign in to the gae-init based app) offers me to select between these two accounts. After sign off, when hitting sign in again and clicking Google; then the Google page allows me (again) to select which of my Google accounts to use. Thus I can easily select/switch with which of the Google accounts I want to use to sign in into the gae-init based app.

Tested in Chrome browser, with current http://gae-init.appspot.com/signin/

[mdxs]

When I've done the above (and both accounts are known to the gae-init based app) and in Google (using one of the accounts) I log out, then (in the Google realm) it looks like I'm logged out of both... it shows me both accounts to allow me to login again. Not doing so, but going to the gae-init based app, when I sign-in, it shows me the two accounts page again, selecting any one of them requires me to provide credentials (on Google page) as expected.

Once using one account (the one I gave credentials for when signing in to gae-init), signing off and signing in again is automatic and without further questions asked. This is as expected (and similar to one Google account being used and being logged into it already).

Then in GMail logging into the other account also, the gae-init based app goes back to the behaviour described above: allowing me to select from the two accounts.

[lipis]

Thanks.. I think that was the whole problem with the initial issue.. We'll see what @topless has to say

[lipis]

One more question.. is the tappsdev your account @mdxs? I have the merging accounts in the works and while I'm on it.. I could merge it with your other accounts here.. :) and thanks again for the detailed testing and reporting...

[topless]

@lipis @mdxs Very nice investigation guys. I think mdxs nailed it with the two account thing. Because I am using chrome profiles I have only one account signed in in each of my chrome instances. Despite the fact that you can be signed in only with one google account each time, the application properly forwards you to select one of the potential used accounts in the session you have. Another thing that I would like to add on msxs second comment is that in application settings you can specify the lifetime of a cookie 1 day/ 1 week/ 1 month and this will define next time you will be asked by your credentials.

On my behalf with that nice observation my problem is solved. Good job!

[mdxs]

@lipis: Yes, the tappsdev account is one of my accounts, guess you figured out the others already.