Hi Miguel, This is an expected behavior. The other way around is also true: if your user logout of you application, they will still be login onto their OpenID provider.
The OpenID Provider (Identity provider) and your application (relying party) do not know each others, The OpenID provider just tells your application that the user that is accessing your application is really who he says it is (Authentication), After that App Engine will manage this user session, differently from the user session from the Identity provider. That been said, the user is login to your application and App Engine retains his identity and any other action on his OpenID provider will not affect the user session from your app. The key point to understand here is that OpenId is just a mechanism to identify that the person trying to login is actually what he says he is. Other than that, App Engine provides a Transparent API which let you hold on to this verification fror the life of the user session on your application. Hope this helps! Jose Montes de Oca -- You received this message because you are subscribed to the Google Groups "Google App Engine for Java" group. To view this discussion on the web visit https://groups.google.com/d/msg/google-appengine-java/-/z9zMeP_sPz0J. To post to this group, send email to google-appengine-java@googlegroups.com. To unsubscribe from this group, send email to google-appengine-java+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-appengine-java?hl=en.
