This project has moved and is read-only. For the latest updates, please go here.

How to understand old user logged out and a new user logged in at the same browser?

Oct 3, 2013 at 2:24 PM
For example I authorized an application with my Twitter account. Then I logged out and a friend of mine logged in to his Twitter account in another tab. This causes a situation where my friend can use the application like he authorized it, but the application knows my account, not his.

To prevent this I read that I just have to authenticate my friend's account in my application, but how can I programmatically understand that old user has logged out, or a new one logged in to perform this?

Thanks for any help.
Oct 3, 2013 at 6:27 PM

Twitter used to have an end_session endpoint, but deprecated it when they went to API v1.1. In your situation, I would add some logic in your logout function that clears the credentials from memory of the person logging out. That will force the next person logging in to authenticate.

Oct 4, 2013 at 7:25 AM
Thanks for reply.

But in this case I dont have any authentication function in my project. It is more of a public. So I don't have a log out function naturally :) What can I do to understand that user logged off their Twitter account only?
Oct 4, 2013 at 7:49 AM
There isn't an API for logon/logoff. Check out the Twitter API and you'll see that there aren't any logon/logoff (Authentication) endpoints.