I'm developing an application designed to run on a public computer, where many users will sign in with Twitter to register for our app.
I've been looking for a way to sign the user out of Twitter when they exit the application (though a sign out button). Since we cannot destroy the cookies set by twitter.com, all it does right now is destroy our own session and cookies and show a button which links to the Twitter sign out page (in a popup). We would prefer not to use the popup, but instead sign the user out of Twitter automatically when they sign out of our application. This will greatly reduce the likeliness of people forgetting to logout (and thus allowing access to their own account by the next user). We're already using force_login=true to force a new login when someone connects to our application, but then it could already be too late. Is there any way to call a sign out through the API? Account/end_session seems to be what I'm looking for, but I can't get it to work. Another approach would be to scrape twitter.com for the authenticity_token and call the logout from through cURL, but this isn't the nicest way to do things and my first attemps have failed so far.
