When I mention session object, should I be calling it a token? I have also run across the AuthSubRevokeToken interface in the Account API: http://code.google.com/apis/accounts/AuthForWebApps.html

How would this same procedure work through the .NET SSO API?

Can someone point me in the right direction?

On Jan 17, 8:46 am, JWise1203 <[EMAIL PROTECTED]> wrote:
> We did some testing this morning. There is one cookie that is being
> generated. We attempted to delete the cookie and check if Student B
> would see his e-mail account (not Student A's). What we found was that
> Student B still was logged into Student A's e-mail. When the cookie is
> regenerated, it has Student A's username contained in it.
>
> It looks to me like there is a Google session object that is being
> created. If that session object exists, Google is not making a call
> back to our SSO code to reauthenticate Student B. Could this be true?
>
> On Jan 17, 8:12 am, JWise1203 <[EMAIL PROTECTED]> wrote:
>
>
>
> > We are using the Google Apps SSO C# ASP.NET sample code:
>
> > http://google-apps-sso-sample.googlecode.com/files/sso-sample-1.0-cs.zip
>
> > Any ideas?
>
> > On Jan 17, 1:05 am, "Ryan Shelley" <[EMAIL PROTECTED]> wrote:
>
> > > > It's not a Google cookie you should check, it's the cookie set by your SSO.
> > > > Are you using a commercial SSO solution, or do you have your own customer
> > > > app?
>
> > > -Ryan
>
> > > On Jan 16, 2008 5:47 PM, JWise1203 <[EMAIL PROTECTED]> wrote:
>
> > > > Ryan,
>
> > > > Thanks for the suggestion. Quick question, how can I determine which
> > > > cookies on the user's machine to delete? Is there any documentation
> > > > regarding this?
>
> > > > On Jan 16, 8:31pm, "Ryan Shelley" <[EMAIL PROTECTED]> wrote:
> > > > > > This almost sounds like the token you're using for your SSO isn't being
> > > > > > removed from the browser's cookies. In theory, the next time someone goes
> > > > > > to Google mail, it should send them through your SSO again. It's then up to
> > > > > > your SSO to validate/invalidate the session. So it sounds to me like when
> > > > > > the new user logs in, the old user's token is still in the browser and not
> > > > > > being invalidated. Make sure that when the new user logs in, you clear any
> > > > > > existing cookies that may exist for the SSO before setting a new one.
>
> > > > > On Jan 16, 2008 4:13 PM, JWise1203 <[EMAIL PROTECTED]> wrote:
>
> > > > > > We have the following situation:
>
> > > > > > 1. Student A logs into Google mail via .NET SSO API from our student
> > > > > > portal.
> > > > > > 2. Student A reads their mail from a (window.open()) page.
> > > > > > 3. Student A closes the Google mail window once finished (without
> > > > > > clicking the "sign out" link).
> > > > > > 4. Student A logs off the student portal (original referring page),
> > > > > > but does not close the browser.
> > > > > > 5. Student A leaves.
> > > > > > > 6. Student B (new) logs into the student portal using the same browser
> > > > > > > and their portal student information shows correctly.
> > > > > > 7. Student B logs into Google mail (window.open()) and (wait for
> > > > > > it) . . . they receive Student A's email account.
>
> > > > > > It looks like the "session" is not closing on the API request.
> > > > > > Meaning, if Student A was successful in logging into the Google Mail
> > > > > > service, then when Student B logs in, it is still authenticated and
> > > > > > uses A's credentials. NOTE: When the student clicks "Sign Out", the
> > > > > > page does load the next student's account login correctly, as
> > > > > > expected.
>
> > > > > > Thoughts?
>
> > > > > > > -Jared
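A small model of the shared-browser scenario from this thread, as an added example that is not part of the original messages and is not Google's or the SSO sample's code. It assumes the mail service keeps its own session and consults the portal SSO only when it has none; the class names, cookie names and the logout change (ending the mail session during portal logout) are hypothetical.

```python
import secrets

class Portal:
    """Identity provider: the student portal that performs the SSO sign-in."""
    def __init__(self):
        self.sessions = {}                      # portal cookie value -> username

    def login(self, browser, user):
        sid = secrets.token_hex(8)
        self.sessions[sid] = user
        browser["portal"] = sid                 # cookie set by the SSO side

    def assert_identity(self, browser):
        return self.sessions[browser["portal"]]

    def logout(self, browser, mail=None):
        self.sessions.pop(browser.pop("portal", None), None)
        if mail is not None:                    # assumed fix: end the mail session too
            mail.sign_out(browser)

class MailService:
    """Service provider: trusts its own session before asking the portal."""
    def __init__(self, portal):
        self.portal = portal
        self.sessions = {}                      # mail cookie value -> username

    def open_mail(self, browser):
        sid = browser.get("mail")
        if sid in self.sessions:                # live session: no call back to the SSO
            return self.sessions[sid]
        user = self.portal.assert_identity(browser)
        sid = secrets.token_hex(8)
        self.sessions[sid] = user
        browser["mail"] = sid
        return user

    def sign_out(self, browser):
        self.sessions.pop(browser.pop("mail", None), None)

def shared_browser_scenario(end_mail_session_on_logout):
    """Steps 1-7 of the thread; returns whose mailbox Student B is shown."""
    portal = Portal()
    mail = MailService(portal)
    browser = {}                                # one cookie jar, never closed
    portal.login(browser, "student_a")
    mail.open_mail(browser)                     # A reads mail, closes window, no sign out
    portal.logout(browser, mail if end_mail_session_on_logout else None)
    portal.login(browser, "student_b")
    return mail.open_mail(browser)

if __name__ == "__main__":
    print(shared_browser_scenario(False), shared_browser_scenario(True))
```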