So you've customized the C# app to validate the user against some app/ directory? You should try to inspect your cookies between authentications and see if any are persistent.
Ryan Shelley 12-Gauge Media, LLC [EMAIL PROTECTED] 800-707-3109 x100 On Jan 17, 2008, at 5:12 AM, JWise1203 <[EMAIL PROTECTED]> wrote: > > We are using the Google Apps SSO C# ASP.NET sample code: > > http://google-apps-sso-sample.googlecode.com/files/sso-sample-1.0-cs.zip > > Any ideas? > > On Jan 17, 1:05 am, "Ryan Shelley" <[EMAIL PROTECTED]> wrote: >> It's not a Google cookie you should check, it's the cookie set by >> your SSO. >> Are you using a commercial SSO solution, or do you have your own >> customer >> app? >> >> -Ryan >> >> On Jan 16, 2008 5:47 PM, JWise1203 <[EMAIL PROTECTED]> wrote: >> >> >> >> >> >>> Ryan, >> >>> Thanks for the suggestion. Quick question, how can I determine which >>> cookies on the user's machine to delete? Is there any documentation >>> regarding this? >> >>> On Jan 16, 8:31pm, "Ryan Shelley" <[EMAIL PROTECTED]> wrote: >>>> This almost sounds like the token you're using for your SSO isn't >>>> being >>>> removed from the browser's cookies. In theory, the next time >>>> someone >>> goes >>>> to Google mail, it should send them through your SSO again. It's >>>> then up >>> to >>>> your SSO to validate/invalidate the session. So it sounds to me >>>> like >>> when >>>> the new user logs in, the old user's token is still in the >>>> browser and >>> not >>>> being invalidated. Make sure that when the new user logs in, you >>>> clear >>> any >>>> existing cookies that may exist for the SSO before setting a new >>>> one. >> >>>> On Jan 16, 2008 4:13 PM, JWise1203 <[EMAIL PROTECTED]> wrote: >> >>>>> We have the following situation: >> >>>>> 1. Student A logs into Google mail via .NET SSO API from our >>>>> student >>>>> portal. >>>>> 2. Student A reads their mail from a (window.open()) page. >>>>> 3. Student A closes the Google mail window once finished (without >>>>> clicking the "sign out" link). >>>>> 4. Student A logs off the student portal (original referring >>>>> page), >>>>> but does not close the browser. >>>>> 5. Student A leaves. >>>>> 6. Student B (new) logs into the student portal using the same >>>>> browser >>>>> and their portal student information shows correctly. >>>>> 7. Student B logs into Google mail (window.open()) and (wait for >>>>> it) . . . they receive Student A's email account. >> >>>>> It looks like the "session" is not closing on the API request. >>>>> Meaning, if Student A was successful in logging into the Google >>>>> Mail >>>>> service, then when Student B logs in, it is still authenticated >>>>> and >>>>> uses A's credentials. NOTE: When the student clicks "Sign Out", >>>>> the >>>>> page does load the next student's account login correctly, as >>>>> expected. >> >>>>> Thoughts? >> >>>>> -Jared- Hide quoted text - >> >>>> - Show quoted text -- Hide quoted text - >> >> - Show quoted text - > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Apps APIs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/google-apps-apis?hl=en -~----------~----~----~----~------~----~------~--~---
