3

I am using google open id on my website as a login system. I ran into some trouble with logging a user out. Destroying the session on the site obviously doesn't log them out of the google account, and on the next login the user automatically logs in with whatever google account the browser is logged into.

Looking at a few questions on here, I discovered I could just make a request to https://www.google.com/accounts/Logout

I tried using 

<script type="text/javascript">
    $.ajax({ url: "https://www.google.com/accounts/Logout" });
</script>

but it did not work and I'm not sure why. However this works just fine

<img src="https://www.google.com/accounts/Logout" />

Can anyone explain to me why the ajax request doesn't work?

Edit:

More importantly, what is the best way to send the request? An img tag doesn't seem like a nice solution. Thanks

T May
  • 466
  • 1
  • 8
  • 18

1 Answers1

2

You cannot make cross-domain requests using jQuery's $.ajax, see Same origin policy so that is why your first solution does not work.

Edit: I am not familiar with how Google's OpenID works, but as a user I would not use an app that logs me out of Google when I want to logout of the app; that's a bad user experience.

jeroen
  • 91,079
  • 21
  • 114
  • 132
  • Thanks for the clarification on the ajax request. – T May Jan 23 '13 at 02:07
  • 1
    There is probably a better solution to the logout (this is my first project of this nature) but as far as I can tell there is no better way to handle it. The site will be used on public computers, potentially with users one after another on the same computer login. If I don't ensure they first user logs out of google, the second could end up logging into the first account. – T May Jan 23 '13 at 02:08
  • @T May I also assume there is another (better) solution, but I am not familiar with Google's OpenID as I have not needed to implement it yet. – jeroen Jan 23 '13 at 14:16