2

I am calling 

s.closeAndClearTokenInformation();
s.close();
Session.setActiveSession(null);

Which are the only methods I see that appear to reset a user's login, however, upon my next cycle through my app and call to Session.getActiveSession() I do not get a login dialog and the pre-existing token is utilized.

I'm not seeing anything in the documentation about logging a user out (I only see options for how to present them with a log-out button, which doesn't work for our use case).

Would really appreciate some advice on this.

Charles
  • 50,943
  • 13
  • 104
  • 142
Yevgeny Simkin
  • 27,946
  • 39
  • 137
  • 236
  • the code that you have wrote, works for me. Thanks! But i think it is async clear and close - it doesn't clear session right after call, maybe you should try `postDelayed` somehow? – Roger Alien May 05 '13 at 06:26

2 Answers2

2

When you call closeAndClearTokenInformation, it will clear your app's local cache of the token information that's associated with the user.

When you create another session AND you open it AND you use SSO AND the Facebook app exists on the device AND the user is not logged out from the Facebook app, then the app will silently authorize your app again without requiring further user interaction. This is by design (since when they authorize your app, the authorization is active unless they explicitly revoke access).

What is your use case where you want to see user interaction for subsequent session open calls?

Ming Li
  • 15,672
  • 3
  • 37
  • 35
  • This is a Kiosk app designed to be used by multiple unrelated users all day. They log in to authorize being communicated with later, but their login needs to be cleared immediately after their experience. Are you saying that if I uninstall the Facebook app from the device that will solve the problem of persistent login? – Yevgeny Simkin Feb 26 '13 at 01:53
  • Correct. If you remove the Facebook app, it will use a webview to login instead, and as long as you call closeAndClearTokenInformation, it will force a user/password login every time. – Ming Li Feb 26 '13 at 05:44
  • @MingLi So are you saying that there's no way to logout of an app if you use SSO? (other than logging out from the Facebook app)? – you786 Dec 11 '14 at 15:38
  • No, that's not what I'm saying. Calling closeAndClearTokenInformation will log the user out of your app. Your app then needs to create another Session object, and explicitly call openForRead (or one of the open methods) for the user to log in again (at that point, they may or may not be prompted with UI depending on the conditions I stated above). – Ming Li Dec 11 '14 at 23:11
0

You log out, but you didn't revoke the access, so when opening again, it logs on and see that it is authorized to it.

I don't know how it's done in the new API, but check this out Facebook API SDK revoke access

Hope it helps.

Community
  • 1
  • 1
La bla bla
  • 8,558
  • 13
  • 60
  • 109