Is there any JavaScript support to log out from a user's active Twitter session?


#1

Is there any JavaScript support to log out an active Twitter session? I observed that Facebook has been providing this kind of facility through a JavaScript method, something like FB.Logout …

Currently users can log in to our website using Twitter, so when the users log out from the website they should automatically be logged out from their Twitter account also… for this we need some JS support.

Can you please suggest if there is any such support for Twitter also?


#2

There is no support for this. A user’s session with Twitter and their session on your site have no relation in our model.


#3

“A user’s session with Twitter and their session on your site have no relation in our model.”

Taylor, with all due respect, I believe that Twitter should look at this in another way. This is a widespread security issue for Twitter. There are many people building Twitter apps that are used in ‘Kiosk’ environments. Users must log in to Twitter with a browser to accept app authentication. Once authenticated, they are redirected to the application, but the Twitter cookie stays with the browser and there is no way for a ‘responsible, security-conscious’ developer to remove that cookie when the user leaves the ‘Kiosk’. The next visitor now has access to the previous visitor's Twitter, and the user that came before will not realize this.

Facebook provides a way to handle this issue, but Twitter does not.


#4

I landed here with the intention to find the same solution, as even we have been using it in a similar kiosk scenario as mentioned by @dilltree.
Interestingly enough, when this post was initially made by @arvindknaidu, we used to use the Twitter @anywhere JS API to initiate a logout by opening a popup. Before that we used to use Twitter’s JS support, which I now don’t remember the name of. But the earlier one was the most seamless. @anywhere wasn’t that seamless, though it served our purpose.
Anywhere support is now gone, and I was looking for a JS solution to log a user out.

Now, an interesting fact for anyone who’s doing kiosk solutions is that if you use the force_login parameter with either authorize or authenticate, the user’s Twitter session does not persist, hence @dilltree’s security concern is resolved.

This is what we are doing now; using force_login. The problem is that after providing permissions, we used to have a beautiful page, where the users could follow a twitter handle. We cannot achieve that anymore, because the session does not persist. If we had a way to log the user out using JS, we would have been able to achieve the given use case.

@episod Would love to know your comments about this.


#5

Yeah… I did eventually stumble on the force_login to solve my problem. Makes perfect sense of course that ‘force_login’ means “don’t actually login”.
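The force_login approach described in posts #4 and #5, as an added example that is not part of the original thread and not Twitter's own code: it builds the OAuth 1.0a redirect URL with force_login set and checks a URL before the kiosk browser is sent to it. The function names are hypothetical and the token value used with them is constructed; that the Twitter session does not persist afterwards is as reported in the thread.

```javascript
// Added example. Only the Twitter OAuth 1.0a endpoints and the oauth_token /
// force_login parameters are real; every function name here is hypothetical.
const TWITTER_HOST = "api.twitter.com";
const AUTH_PATHS = new Set(["/oauth/authenticate", "/oauth/authorize"]);

// Build the URL the kiosk browser is redirected to once the server has
// obtained a request token. force_login=true makes Twitter ask for credentials.
function buildKioskAuthUrl(requestToken, path = "/oauth/authenticate") {
  if (!AUTH_PATHS.has(path)) {
    throw new Error("unexpected OAuth path: " + path);
  }
  if (typeof requestToken !== "string" || requestToken.length === 0) {
    throw new Error("request token missing");
  }
  const url = new URL("https://" + TWITTER_HOST + path);
  url.searchParams.set("oauth_token", requestToken); // value is URL-encoded
  url.searchParams.set("force_login", "true");
  return url.toString();
}

// Guard to run just before redirecting: returns a list of problems,
// empty when the URL is acceptable for a shared kiosk browser.
function kioskAuthUrlProblems(candidate) {
  let url;
  try {
    url = new URL(candidate);
  } catch {
    return ["not a valid URL"];
  }
  const problems = [];
  if (url.protocol !== "https:") problems.push("not https");
  if (url.hostname !== TWITTER_HOST) problems.push("unexpected host");
  if (!AUTH_PATHS.has(url.pathname)) problems.push("unexpected path");
  if (!url.searchParams.get("oauth_token")) problems.push("no oauth_token");
  // A duplicated or false force_login is rejected rather than guessed at.
  const forced = url.searchParams.getAll("force_login");
  if (forced.length !== 1 || forced[0] !== "true") {
    problems.push("force_login is not set to true exactly once");
  }
  return problems;
}
```
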


#6