CoSign: Collaborative Single Sign-On  

cosign-discuss at
general discussion of cosign development and deployment

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: logout when already logged out

Yeah, I've wondered about this a few times myself and have been meaning to talk to our usability folks about it. I'm uncomfortable with silent failure, but in this case I think it is utterly reasonable. Anyone have any objections to my changing the code such that logout tells the user everything succeeded even if it didn't but logs any strange errors for admin perusal?

The vast majority of these cases will be that the user was not logged in. Other possible errors (permission denied by cosignd, couldn't contact cosignd, etc.) aren't really anything the user can do anything about. As long as the cosign cookie has been nullified & expired in his/her browser everything will behave properly.


On Jun 28, 2004, at 9:36 AM, Phil Pishioneri wrote:

During a discussion with one of our graphic folks who is working on our customized pages, an interesting point came up:

When one is sitting on the verify logout page, and logs out elsewhere (either a time-out, or by manually going through logout in another window), and then attempts to logout of the first page, you get an error page with the message

Logout failed. Perhaps you were not logged-in?

While true at one level, is it really a problem?

If you are actually logged out (vs. some internal problem preventing logouts), mightn't it be less confusing for the client if the code just redirected back to the main page (as it does for a successful logout)?



... "In, as you say, the mud." ...

Copyright © 2002 - 2004 Regents of the University of Michigan :  Page last updated 15-December-2010