account/end_session will not do anything with the user on your site. It should log them out of twitter.com but the use case is very limited and I don't think it gets used/tested very often.
To log someone out of your own site you have to delete the sessions/cookies/etc that you are using to keep them logged in. For example in PHP session_destroy(); will accomplish this. If the account 1) has already approved your application and 2) is currently signed into twitter.com since you are using oauth/authenticate they will not even appear to visit twitter.com. They will just "automagically" get logged in. Abraham On Tue, Jul 28, 2009 at 22:21, CG <learn....@gmail.com> wrote: > > Hi, I am developing a simple Web App that use "sign in with twitter" , > where the app will automatically redirect to > twitter.com/oauth/authenticate(with request token/secret of course) if > user is not authenticated. > > It works well until I need to add a "sign out" function in my App. > > I use the "end_session" API and I get an error "Logged out." which I > think actually is loggout successfully (I came across a ticket > mentioning about this) > > I thought that after "signing out" from my app, when I revisit the > same page , I supposed to be redirect to the sign in page but > unfortunately , it seems like successfully "authenticate" me and > redirect back to my app without required any authentication. > > I did a test on this by calling to "end_session" , and go to another > browser tab , to access www.twitter.com , it seems like I am still not > "sign out" from Twitter .. > > Anybody face this problem ? what is the solution for this ? without > this function , my app is useless , because user can only sign out at > twitter.com or clear the cache/cookie in browser. > > Cheers . > CG > -- Abraham Williams | Community Evangelist | http://web608.org Hacker | http://abrah.am | http://twitter.com/abraham Project | http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private.
