WordPress.org

Ready to get started?Download WordPress

Forums

WordPress Social Login
Security Issue. After Logout from Blog user is Still Logged In to S (2 posts)

  1. janubande007
    Member
    Posted 1 year ago #

    Problem: After Logout from Blog user is Still Logged In to Social Network or whatever Services was used to Login. This is a security concern because not all services will re-prompt the user to enter a password if the window used to login has been closed before visting that service again. For Eg. if a user decides to visit Facebook after using it to Login & Logout of Blog, you are directly taken to your Facebook account by the Browser even after Logout from the Blog without any prompt for password by Facebook.

    Solution: The proper way to deal with this would be a "Smart Logout" feature. When a user Logs In using Social Login, a True/False flag should be maintained (somwhere) so that when the user Logs Out he is prompted by WordPress Social Login "Do you wish to Logout of <Whatever-Social-Network-Name> ?" If the user chooses YES, then appropriate action to Logout of Social Login Service should be done. Such a feature must involve user interaction because the user may be logged in before coming to blog, or may wish to stay logged in after visiting blog.

    When do you think such a feature can be implemented?

    http://wordpress.org/extend/plugins/wordpress-social-login/

  2. Miled
    Member
    Plugin Author

    Posted 1 year ago #

    this a known issue.. most social networks do not allow third party websites to force their users to logout

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic