When I log out of a LinkedIn related session then log back in, my user account is used automatically. A large percentage of our users have multiple users per computer or use public computers and do not want automatic login. The automatic login should either be removed or made optional.

If made optional, it could be similar to the Remember me module with a check box in the login or a check box in the user profile or we could use the Remember me module in conjunction with LinkedIn auth. Remember me could initiate the automatic login then Linkedin auth could process the login.

Comments

peterx’s picture

peterx commented

I added a hook_user_logout function to remove the Linkedin values from the session and that did not stop the automatic logging back in.

mike.roberts’s picture

mike.roberts commented

I've recently run into this problem as well, and I'm not sure it's possible to fix. The PIC want this same exact scenario, but (please correct me if I'm wrong) the problem lies in the fact that when the "log in using linkedin" link is clicked, they're redirected to a form on linkedin's website that is actually logging them in to linked in. They're not using their linkedin credentials to log into your site, they're logging into linkedin and linkedin is giving us access to their account/session through their api. I do not believe that there is an option to destroy that session on log out.

That is how all of the log in services work, you log into said service, said service creates a session, they are redirected back to your website and you have access to the user's info. It's not magically creating a Drupal session with a users linkedin account without actually logging in to linked in, we have no record of that information in our Drupal database and no connection to linkedin's servers. The session that we do create, that is created by Drupal, uses the access token that we get from the linkedin session. On logout that Drupal session is actually terminated, and they are officially logged out of Drupal, but their linkedin session is still active (because they logged in to linkedin). We can't actually log them out of linkedin from Drupal (again correct me if I'm wrong) since we don't generate the linkedin session, linkedin does.

I think this should be marked as "closed (works as designed)" since this module actually works correctly, and how every single other login with X service works. It's just the way the internet works. If you want to have login with X, they're logging into X and have to log out on their own.

davad’s picture

davad commented
Status: Active » Closed (works as designed)