Would there be any way to do this programmatically? We would like to remove any Google session objects before we refer them to http://mail.google.com/a/domain.com
This way, we can ensure that even if the student does not log out of their Google mail and/or our Student Portal properly (therefore never being sent to: http://mail.google.com/a/domain.com/?logout), we will be securing privacy by removing session cookies automatically each time before SSO redirect. This is a huge issue for us as we have many open computer areas which are shared by many students who may not close all browser windows after they are finished their work. On Jan 17, 6:48 pm, "Alex (Google)" <[EMAIL PROTECTED]> wrote: > Hi Jared, > > There is a session cookie which is cleared if Student A clicks "Sign > out". If Student A does not click "Sign out", the session will be > resumed when the browser goes tohttp://mail.google.com/a/domain.com > again. Closing the browser window is not enough to clear the cookie. > The "Sign out" link looks like: > > http://mail.google.com/a/domain.com/?logout > > What some admins have done is to forward the user to that URL as part > of their own log off process. > > -alex > > On Jan 16, 4:13 pm, JWise1203 <[EMAIL PROTECTED]> wrote: > > > > > We have the following situation: > > > 1. Student A logs into Google mail via .NET SSO API from our student > > portal. > > 2. Student A reads their mail from a (window.open()) page. > > 3. Student A closes the Google mail window once finished (without > > clicking the "sign out" link). > > 4. Student A logs off the student portal (original referring page), > > but does not close the browser. > > 5. Student A leaves. > > 6. Student B (new) logs into the student portal using the same browser > > and their portal student information shows correctly. > > 7. Student B logs into Google mail (window.open()) and (wait for > > it) . . . they receive Student A's email account. > > > It looks like the "session" is not closing on the API request. > > Meaning, if Student A was successful in logging into the Google Mail > > service, then when Student B logs in, it is still authenticated and > > uses A's credentials. NOTE: When the student clicks "Sign Out", the > > page does load the next student's account login correctly, as > > expected. > > > Thoughts? > > > -Jared- Hide quoted text - > > - Show quoted text - --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Apps APIs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/google-apps-apis?hl=en -~----------~----~----~----~------~----~------~--~---
