Logout of Twitter - OAuth


#1

Hey so this is likely an ongoing discussion topic, and I’m not too sure why all the implementations do not provide some method for logging out users server-side. Here’s THE ISSUE:

User visits my site, successfully logs in with Twitter REST/OAuth API (works…), user does some stuff, and then walks away from the computer (or clicks my logout button which destroys my session and makes their login on MY site invalid - works). Then someone else comes along, opens a new tab, and visits twitter.com where they are presented with the other user's logged-in Twitter account.

Now I’ve run into this situation with implementing the Facebook and Google OAuth solutions - both provide a client-side mechanism for logging the user out of their respective accounts when a logout link is clicked (which I subsequently load in a hidden iframe for them when MY logout flow is triggered).

Here is THE QUESTION: Does Twitter not have any means for me to ensure that the user who has walked away from a public computer (or worse, thought they’d signed out) is signed out?


#2

I noticed there is twitter.com/logout, but it requires a button click and has no redirect_uri option.


#3

Yes, you’re right.
I encountered the same problem, and I don’t know why Twitter does not implement that API ;( That sucks.
Another problem I have to face is that:

  • When user A uses my site (with Twitter App login), does some stuff, and leaves without logging out.
  • User B comes up, opens a new tab, logs in to their Twitter account, goes back to my site and does some other stuff without any auth … :frowning: -> sucks

I want to know a way to solve that problem.


#4

Try this… it may help you to log out…

```csharp
using System;
using System.Web;

public partial class Home : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Send no-cache headers so the browser "Back" button cannot
        // redisplay a cached copy of this page after logout.
        Response.ClearHeaders();
        Response.AppendHeader("Cache-Control", "no-cache"); // HTTP 1.1
        Response.AppendHeader("Cache-Control", "private"); // HTTP 1.1
        Response.AppendHeader("Cache-Control", "no-store"); // HTTP 1.1
        Response.AppendHeader("Cache-Control", "must-revalidate"); // HTTP 1.1
        Response.AppendHeader("Cache-Control", "max-stale=0"); // HTTP 1.1
        Response.AppendHeader("Cache-Control", "post-check=0"); // Internet Explorer extension
        Response.AppendHeader("Cache-Control", "pre-check=0"); // Internet Explorer extension
        Response.AppendHeader("Pragma", "no-cache"); // HTTP 1.0
        Response.AppendHeader("Keep-Alive", "timeout=3, max=993");
        Response.AppendHeader("Expires", "Mon, 26 Jul 1997 05:00:00 GMT"); // date in the past

        // Maintain the user name on the Home page using Session and cookies.
        if (Session["x"] == null)
        {
            // No session: send the visitor back to the login page.
            Response.Redirect("Default.aspx");
        }
        else
        {
            foreach (string name in Request.Cookies.AllKeys)
            {
                HttpCookie cookie = Request.Cookies[name];
                if (cookie.HasKeys)
                {
                    // Values.AllKeys lists the cookie's subkeys; enumerating
                    // Value would walk the characters of the raw string.
                    foreach (string subKey in cookie.Values.AllKeys)
                    {
                        // HTML-encode cookie data before writing it to the page.
                        Response.Write(Server.HtmlEncode(subKey + cookie[subKey]));
                    }
                }
            }
        }
    }

    // Logout: clear and abandon the ASP.NET session, then return to the login page.
    protected void Button1_Click(object sender, EventArgs e)
    {
        Session.Clear();
        Session.RemoveAll();
        Session.Abandon();
        Response.Redirect("Default.aspx", true);
    }
}
```
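For the shared-computer scenarios in posts #1 and #3, here is a sketch of what the relying site can control on its own side; it is an added example, not code from any poster or from Twitter, and it does not sign the browser out of twitter.com. It expires idle site sessions server-side and builds the sign-in redirect with Twitter's `force_login=true` parameter so the next login prompts for credentials; `SessionStore`, `twitter_login_url` and the 15-minute timeout are assumptions made for the example.

```python
import secrets
import time
from urllib.parse import urlencode

# Twitter's OAuth 1.0a "Sign in with Twitter" redirect endpoint.
AUTHENTICATE_URL = "https://api.twitter.com/oauth/authenticate"
IDLE_TIMEOUT = 15 * 60  # seconds; assumed policy value for shared computers


def twitter_login_url(request_token):
    """Redirect URL that makes Twitter prompt for credentials again.

    force_login=true stops Twitter from silently reusing whatever
    twitter.com session is already present in the browser.
    """
    query = urlencode({"oauth_token": request_token, "force_login": "true"})
    return f"{AUTHENTICATE_URL}?{query}"


class SessionStore:
    """Server-side sessions for the relying site (hypothetical helper)."""

    def __init__(self, idle_timeout=IDLE_TIMEOUT, clock=time.time):
        self._sessions = {}
        self._idle_timeout = idle_timeout
        self._clock = clock  # injectable so expiry can be tested

    def create(self, twitter_user_id):
        """Start a session after a successful OAuth callback."""
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": twitter_user_id, "seen": self._clock()}
        return sid

    def lookup(self, sid):
        """Return the Twitter user id, or None if unknown or idle too long."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        now = self._clock()
        if now - entry["seen"] > self._idle_timeout:
            del self._sessions[sid]  # abandoned session: require a new login
            return None
        entry["seen"] = now  # sliding expiry: activity extends the session
        return entry["user"]

    def logout(self, sid):
        """Destroy the site session; the caller then redirects to login."""
        self._sessions.pop(sid, None)
```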