Hi everyone, I am compelled to ask because the search turned out a few post that were somewhat vague and didn't answer all my questions.
I have a website widget that interacts heavily with Twitter. We use OAuth to authenticate our requests. To logout the users from our side we destroy the OAuth token. However during the initial OAuth workflow Twitter places a cookie on the browser, so if the user logs out from our site but navigates to the Twitter site they are still logged in. Closing the browser solves this, as it appears the cookie is a session cookie. Calling the "account/end_session.json" end point does nothing for use because the call is server side so the cookie doesn't get replaced. I am a little concerned about this behavior since the widget will be on a public site users can access from public computers. It is possible the users will log out of our widget but not close the browser window. At that point someone could navigate to twitter and still be logged in with their account. So finally my questions are: 1. Is how do I reliably log users out of Twitter? 2. Is it really necessary for Twitter to send this cookie during the OAuth workflow? The API is stateless so the cookie is really un- necessary as far as using the apis is concerned. Sorry for the lengthy post, responses are greatly appreciated! Cheers, Matei -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
