Authlogic, logout and credential capture

Posted by Paddy on Stack Overflow See other posts from Stack Overflow or by Paddy
Published on 2010-04-18T14:55:39Z Indexed on 2010/04/18 15:03 UTC
Read the original article Hit count: 498

Filed under:
|
|

Ok this is something weird. I got authlogic-oid installed in my rails app today. Everything works perfectly fine but for one small nuisance.

This is what i did:

I first register with my google openid. Successful login, redirection and my email, along with my correct openid is stored in my database. I am happy that everything worked fine!

Now when i logout, my rails app as usual destroys the session and redirects me back to my root url where i can login again. Now if i try to login it still remembers my last login id. Not a big issue as i can always "Sign in as a different user" but i am wondering if there is anyway to not only logout from my app but also logout from google.

I noticed the same with stack overflow's openid authentication system.

Why am i so bothered about this, you may ask. But is it not a bad idea if your web apps end user, who happens to be in a cyber cafe, thinks he has logged out from your app and hence from his google account only to realize later that his google account had got hacked by some unworthy loser who just happened to notice that the one before had not logged out from google and say.. changed his password!!

Should i be paranoid?

© Stack Overflow or respective owner

Related posts about authlogic-oid

Related posts about openid