You don't call that through the sso library, you simply issue a server- side GET request to the revoke endpoint passing the token to revoke.
Ryan Shelley 12-Gauge Media, LLC [EMAIL PROTECTED] 800-707-3109 x100 On Jan 17, 2008, at 2:37 PM, JWise1203 <[EMAIL PROTECTED]> wrote: > > When I mention session object should I be calling it a token? I > > have also run across the AuthSubRevokeToken interface in the Account > API: http://code.google.com/apis/accounts/AuthForWebApps.html > > How would this same procedure through the .NET SSO API? > > Can someone point me in the right direction? > > On Jan 17, 8:46 am, JWise1203 <[EMAIL PROTECTED]> wrote: >> We did some testing this morning. There is one cookie that is being >> generated. We attempted to delete the cookie and check if Student B >> would see his e-mail account (not Student A's). What we found was >> that >> Student B still was logged into Student A's e-mail. When the cookie >> is >> regenerated, it has Student A's username contained in it. >> >> It looks to me like there is a Google session object that is being >> created. If that session object exists, Google is not making a call >> back to our SSO code to reauthenicate Student B. Could this be true? >> >> On Jan 17, 8:12 am, JWise1203 <[EMAIL PROTECTED]> wrote: >> >> >> >>> We are using the Google Apps SSO C# ASP.NET sample code: >> >>> http://google-apps-sso-sample.googlecode.com/files/sso-sample-1.0-cs.zip >> >>> Any ideas? >> >>> On Jan 17, 1:05 am, "Ryan Shelley" <[EMAIL PROTECTED]> wrote: >> >>>> It's not a Google cookie you should check, it's the cookie set by >>>> your SSO. >>>> Are you using a commercial SSO solution, or do you have your own >>>> customer >>>> app? >> >>>> -Ryan >> >>>> On Jan 16, 2008 5:47 PM, JWise1203 <[EMAIL PROTECTED]> wrote: >> >>>>> Ryan, >> >>>>> Thanks for the suggestion. Quick question, how can I determine >>>>> which >>>>> cookies on the user's machine to delete? Is there any >>>>> documentation >>>>> regarding this? >> >>>>> On Jan 16, 8:31pm, "Ryan Shelley" <[EMAIL PROTECTED]> wrote: >>>>>> This almost sounds like the token you're using for your SSO >>>>>> isn't being >>>>>> removed from the browser's cookies. In theory, the next time >>>>>> someone >>>>> goes >>>>>> to Google mail, it should send them through your SSO again. >>>>>> It's then up >>>>> to >>>>>> your SSO to validate/invalidate the session. So it sounds to me >>>>>> like >>>>> when >>>>>> the new user logs in, the old user's token is still in the >>>>>> browser and >>>>> not >>>>>> being invalidated. Make sure that when the new user logs in, >>>>>> you clear >>>>> any >>>>>> existing cookies that may exist for the SSO before setting a >>>>>> new one. >> >>>>>> On Jan 16, 2008 4:13 PM, JWise1203 <[EMAIL PROTECTED]> wrote: >> >>>>>>> We have the following situation: >> >>>>>>> 1. Student A logs into Google mail via .NET SSO API from our >>>>>>> student >>>>>>> portal. >>>>>>> 2. Student A reads their mail from a (window.open()) page. >>>>>>> 3. Student A closes the Google mail window once finished >>>>>>> (without >>>>>>> clicking the "sign out" link). >>>>>>> 4. Student A logs off the student portal (original referring >>>>>>> page), >>>>>>> but does not close the browser. >>>>>>> 5. Student A leaves. >>>>>>> 6. Student B (new) logs into the student portal using the same >>>>>>> browser >>>>>>> and their portal student information shows correctly. >>>>>>> 7. Student B logs into Google mail (window.open()) and (wait for >>>>>>> it) . . . they receive Student A's email account. >> >>>>>>> It looks like the "session" is not closing on the API request. >>>>>>> Meaning, if Student A was successful in logging into the >>>>>>> Google Mail >>>>>>> service, then when Student B logs in, it is still >>>>>>> authenticated and >>>>>>> uses A's credentials. NOTE: When the student clicks "Sign >>>>>>> Out", the >>>>>>> page does load the next student's account login correctly, as >>>>>>> expected. >> >>>>>>> Thoughts? >> >>>>>>> -Jared- Hide quoted text - >> >>>>>> - Show quoted text -- Hide quoted text - >> >>>> - Show quoted text -- Hide quoted text - >> >>> - Show quoted text -- Hide quoted text - >> >> - Show quoted text - > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Apps APIs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/google-apps-apis?hl=en -~----------~----~----~----~------~----~------~--~---
