bump? On Sep 1, 10:45 am, Matei <mad.doroba...@gmail.com> wrote: > Hi everyone, > > I am compelled to ask because the search turned out a few post that > were somewhat vague and didn't answer all my questions. > > I have a website widget that interacts heavily with Twitter. We use > OAuth to authenticate our requests. To logout the users from our side > we destroy the OAuth token. However during the initial OAuth workflow > Twitter places a cookie on the browser, so if the user logs out from > our site but navigates to the Twitter site they are still logged in. > Closing the browser solves this, as it appears the cookie is a session > cookie. Calling the "account/end_session.json" end point does nothing > for use because the call is server side so the cookie doesn't get > replaced. > > I am a little concerned about this behavior since the widget will be > on a public site users can access from public computers. It is > possible the users will log out of our widget but not close the > browser window. At that point someone could navigate to twitter and > still be logged in with their account. > > So finally my questions are: > 1. Is how do I reliably log users out of Twitter? > 2. Is it really necessary for Twitter to send this cookie during the > OAuth workflow? The API is stateless so the cookie is really un- > necessary as far as using the apis is concerned. > > Sorry for the lengthy post, responses are greatly appreciated! > > Cheers, > Matei
-- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en