发表新帖
发表新帖

OpenID. How do you logout

后端 未结
关注
4 787
醉梦人生
醉梦人生 2021-02-19 04:10

On a website I have implemented the login using OpenID (based on StackOverflow).

But I can\'t seem to logout.
On my host I can logout but when the user tries to logi

4条回答
  • 礼貌的吻别
    礼貌的吻别 (楼主)
    2021-02-19 04:32

    This is called Single Logout or Single Sign-Out, which OpenID doesn't support. In my opinion, SSO without logout is a big security hole. Logging out a single site doesn't mean much if others can just get in with a few clicks.

    For now, we have to remember the provider. If it's someone we know, we trigger the logout process for them. For Google, the URL is,

    https://www.google.com/accounts/Logout

    The logout flow is ugly but it does the job.

    0 讨论(0)
 看不清?
提交回复
热议问题