0

I'm using the App Engine Users Service API in PHP. My app requires authentication. The authentication for logging in is working fine, but when I logout of my Gmail account my app still shows that the user is logged in.

How do I make sure that the app also gets logged out the moment the Gmail account is logged out?

<?php
use google\appengine\api\users\User;
use google\appengine\api\users\UserService;
$user = UserService::getCurrentUser();

if ($user) 
{
    #perform action
}
else 
{
    header('Location: ' . UserService::createLoginURL($_SERVER['REQUEST_URI']));
}
Gwyn Howell
  • 5,365
  • 2
  • 31
  • 48
Krish
  • 401
  • 6
  • 18

1 Answers1

1

This is not possible.

When you use the Users Service API on App Engine, it authenticates you against your Google Account, and creates a 'session' on your App Engine server. This is all handled seamlessly by the API. After authentication, you are authenticated to your App Engine server independently. Therefore, logging out of your Google Account does not effect your App Engine session.

This does work the other way around however (ie logging out of your App Engine WILL log you out of your Google Account), as the action is triggered from your App Engine account.

Gwyn Howell
  • 5,365
  • 2
  • 31
  • 48
  • so does that mean if I have a logout button in my app and logout from their then this will work? – Krish Apr 12 '14 at 12:50
  • If you put a logout button in your app, and the button redirects to a URL generated from calling the createLogoutURL method, then it will also log the user out of their Google Account – Gwyn Howell Apr 12 '14 at 12:52
  • 1
    If it is really critical to you and your are using Google Apps for business, there is a possible workaround: you can customize the logout URL, in the SSO settings (without the need to enable SSO). There you can set your application's logout URL or implement a kind of "Single Logout" for all your apps. – David Cifuentes Apr 18 '14 at 14:31