I thought I had found a solution, albeit a horrendously ugly one:
redirect them to http://twitter.com/logout, but even that doesn't
work.

If you are looking for reliable, don't log them in with OAuth - except
once, the first time, when you store their token.

On Sep 3, 7:23 am, Abraham Williams <4bra...@gmail.com> wrote:
> There is no pragmatic way to sign a user out of twitter.com through the API.
>
> When a user logs out of your site send them to twitter.com so they can
> sign out there or to a page explaining they should sign out of twitter.com.
>
> Abraham
> -------------
> Abraham Williams | Hacker Advocate | http://abrah.am
> @abraham | http://projects.abrah.am | http://blog.abrah.am
> This email is: [ ] shareable [x] ask first [ ] private.
>
> On Thu, Sep 2, 2010 at 10:43, Matei <mad.doroba...@gmail.com> wrote:
> > bump?
>
> > On Sep 1, 10:45 am, Matei <mad.doroba...@gmail.com> wrote:
> > > Hi everyone,
>
> > > I am compelled to ask because the search turned out a few posts that
> > > were somewhat vague and didn't answer all my questions.
>
> > > I have a website widget that interacts heavily with Twitter. We use
> > > OAuth to authenticate our requests. To log out the users from our side
> > > we destroy the OAuth token. However during the initial OAuth workflow
> > > Twitter places a cookie on the browser, so if the user logs out from
> > > our site but navigates to the Twitter site they are still logged in.
> > > Closing the browser solves this, as it appears the cookie is a session
> > > cookie. Calling the "account/end_session.json" end point does nothing
> > > for us because the call is server side so the cookie doesn't get
> > > replaced.
>
> > > I am a little concerned about this behavior since the widget will be
> > > on a public site users can access from public computers. It is
> > > possible the users will log out of our widget but not close the
> > > browser window. At that point someone could navigate to twitter and
> > > still be logged in with their account.
>
> > > So finally my questions are:
> > > 1. How do I reliably log users out of Twitter?
> > > 2. Is it really necessary for Twitter to send this cookie during the
> > > OAuth workflow? The API is stateless so the cookie is really
> > > unnecessary as far as using the APIs is concerned.
>
> > > Sorry for the lengthy post, responses are greatly appreciated!
>
> > > Cheers,
> > > Matei
>
> > --
> > Twitter developer documentation and resources: http://dev.twitter.com/doc
> > API updates via Twitter: http://twitter.com/twitterapi
> > Issues/Enhancements Tracker:
> > http://code.google.com/p/twitter-api/issues/list
> > Change your membership to this group:
> > http://groups.google.com/group/twitter-development-talk?hl=en
>
>
