Hi there, If I read it correctly, the problem is not about the PHP code but it's about usability.
> 1. User logins to [EMAIL PROTECTED] and goes to its mailbox > 2. User doesn't press signout button and returns back to login page > 3. User logins to [EMAIL PROTECTED] and goes to its mailbox > 4. User again doesn't press signout button and returns back to login > page > 5. (!!!) And now user try to login to somebody else's mailbox > [EMAIL PROTECTED] with any password and he logins successfuly to the > mailbox he doesn't own! The #2 stated that the user did not press the signout button. This is where the problem occurred. It's the cookies that still active. I ran into the same problem but I have only one domain. 1. user logged in as [EMAIL PROTECTED] and went to mailbox. 2. user DIDN'T press the signout button and go back to the login page. 3. user logged in as [EMAIL PROTECTED] using the same browser (and the browser has NOT been close and re-open) and get a's mailbox. Same scenario as above but at step #2, user quit (exit, close) the browser and re-open the browser in step #3: user will get b's mailbox. it's the cookies!!! I resolve the problem (not very elegant but it works) by put in logout URL in the login page. <iframe src="https://mail.google.com/a/your.domain.here/? logout&hl=en"></iframe> Hope this help! Thai Nguyen --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Apps APIs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/google-apps-apis?hl=en -~----------~----~----~----~------~----~------~--~---
