This almost sounds like the token you're using for your SSO isn't being removed from the browser's cookies. In theory, the next time someone goes to Google mail, it should send them through your SSO again. It's then up to your SSO to validate/invalidate the session. So it sounds to me like when the new user logs in, the old user's token is still in the browser and not being invalidated. Make sure that when the new user logs in, you clear any existing cookies that may exist for the SSO before setting a new one.
On Jan 16, 2008 4:13 PM, JWise1203 <[EMAIL PROTECTED]> wrote: > > We have the following situation: > > 1. Student A logs into Google mail via .NET SSO API from our student > portal. > 2. Student A reads their mail from a (window.open()) page. > 3. Student A closes the Google mail window once finished (without > clicking the "sign out" link). > 4. Student A logs off the student portal (original referring page), > but does not close the browser. > 5. Student A leaves. > 6. Student B (new) logs into the student portal using the same > browser > and their portal student information shows correctly. > 7. Student B logs into Google mail (window.open()) and (wait for > it) . . . they receive Student A's email account. > > It looks like the "session" is not closing on the API request. > Meaning, if Student A was successful in logging into the Google Mail > service, then when Student B logs in, it is still authenticated and > uses A's credentials. NOTE: When the student clicks "Sign Out", the > page does load the next student's account login correctly, as > expected. > > Thoughts? > > -Jared > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Apps APIs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/google-apps-apis?hl=en -~----------~----~----~----~------~----~------~--~---
