Can't sign out

by Greener 10 Replies latest forum tech-support

  • Greener

    Hey,

    Is this entrapment here? I want to sign out, press the sign out button over and over. It doesn't sign me out. Yes please..I want out ..

    GGG

  • Simon

    That's a bug, I'll take a look.

    I'm hoping to roll out a better membership system soon where you'll be able to control your sign-in using Google / Facebook etc... accounts rather than ye-olde username or email + password.

    In the meantime, clearing your cookies on this site should log you out.

  • Greener

    Well, I went into Internet options, Privacy and then chose clear sites. Then tried to sign out again. Doesn't work.

    Windows 7 here.

  • DesirousOfChange

    Ya gotta remember that Simon is a former JW and may still have some JW attributes/attitudes. The fact that once you join his site you cannot sign out (leave it) sounds eerily familiar.

    Doc

  • nicolaou

    sign-in using Google / Facebook etc... accounts rather than ye-olde username or email + password.

    Whoa! Nothing wrong with a username and password Si'. You know better than most how important anonymity is for 99% of fading or waking JW's. I'm just not convinced that a Facebook/Google login can guarantee that.

    Remember AAWA . . .

  • Simon
    Whoa! Nothing wrong with a username and password Si'. You know better than most how important anonymity is for 99% of fading or waking JW's. I'm just not convinced that a Facebook/Google login can guarantee that.

    Just to be clear. I'm talking about authenticating using Google / Facebook, not using those as the "identity" on the site.

    You'd still get to choose your own forum name and avatar and there would be no visible link to your other account. The sign-in is just a way for the system to identify you as the same person again when you come back, and using OAuth is really just saying we trust Google or Facebook et al to do this.

    The communication is between the user and the 3rd party Auth provider and then between the site and that provider to verify the token that the user provides as being 'legit'. The user has complete control of what access is granted which, for the forum, will just be the basic identity - not to post to feeds, add people to groups or any of that crazy and dangerous shit.

    I found the bug with the sign out. Part of the code signs you out but then another part immediately signs you back in. I'm trying to figure out how to separate the steps but may just roll out the fix in the new version. In the meantime, deleting the cookies for the site signs you out.
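
An added example, not part of Simon's post and not the forum's code: one common way a sign-out gets undone on the next request is a persistent "remember me" cookie that the per-request sign-in check still honours. The cookie names and in-memory stores below are assumptions for illustration; the fixed handler revokes the token on the server as well as expiring the cookie.

```python
import secrets

SESSIONS = {}   # session id -> user (server-side session store, assumed)
REMEMBER = {}   # persistent-login token -> user (server-side, assumed)

def sign_in(user):
    """Issue a session cookie plus a persistent 'remember me' cookie."""
    sid, tok = secrets.token_urlsafe(16), secrets.token_urlsafe(32)
    SESSIONS[sid], REMEMBER[tok] = user, user
    return {"sid": sid, "remember": tok}

def authenticate(cookies):
    """Runs on every request: use the session, else auto sign-in from the
    persistent cookie. Returns (user, cookies the browser holds afterwards)."""
    user = SESSIONS.get(cookies.get("sid"))
    if user is None and cookies.get("remember") in REMEMBER:
        user = REMEMBER[cookies["remember"]]
        sid = secrets.token_urlsafe(16)
        SESSIONS[sid] = user              # silently signed back in
        cookies = {**cookies, "sid": sid}
    return user, cookies

def sign_out_buggy(cookies):
    """Ends the session only; the persistent cookie survives."""
    SESSIONS.pop(cookies.get("sid"), None)
    return {k: v for k, v in cookies.items() if k != "sid"}

def sign_out_fixed(cookies):
    """Ends the session, revokes the persistent token server-side and
    tells the browser to drop both cookies."""
    SESSIONS.pop(cookies.get("sid"), None)
    REMEMBER.pop(cookies.get("remember"), None)
    return {}

def still_signed_in_after(sign_out):
    """Sign in, sign out with the given handler, then load one more page."""
    cookies = sign_out(sign_in("member"))   # "member" is a constructed user
    user, _ = authenticate(cookies)
    return user is not None

if __name__ == "__main__":
    print("buggy:", still_signed_in_after(sign_out_buggy))
    print("fixed:", still_signed_in_after(sign_out_fixed))
```

Revoking the token in the server-side store matters as much as expiring the cookie: a copy of the cookie kept elsewhere stops working too.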

  • cappytan
    Greener: Choose the option to delete your cookies, not your site history.
  • nicolaou
    The user has complete control of what access is granted which, for the forum, will just be the basic identity - not to post to feeds, add people to groups or any of that crazy and dangerous shit.

    Thanks for the clarification Simon. To be clear, is the default access granted via OAuth as minimal as you describe? I am picturing naïve JW teenagers just clicking 'Accept' without really checking what level of access they are allowing only to be confronted by Brother Righteous a few days later . .

  • Simon
    To be clear, is the default access granted via OAuth as minimal as you describe? I am picturing naïve JW teenagers just clicking 'Accept' without really checking what level of access they are allowing only to be confronted by Brother Righteous a few days later.

    The 'auth' part of OAuth is all about authorization (not authentication although it can help provide that) but of course it relies on the user reading the page when granting permission to a website or app but the key thing is that the user is in control of what is granted and that grant can be revoked.

    It depends on the provider but most of the major ones are pretty granular in the permissions that can be requested and granted and the basic id is typically an opaque identifier and name / email type basic profile. For this site it's just a way to give you access to the same account to post with when you come back - we receive a token and can use that to retrieve your account instead of the username + password combo typically used.

    There are more complex use-cases where owners can grant sites access to resources they own (e.g. so a printer can read their photos) but I don't intend to do anything that fancy and even if I did, the beauty of OAuth is that it's all optional and under the control of the user.

    Nothing will be rolled out unless it is secure - I don't intend to have any "identity debacles" :)

  • nicolaou
    Cheers to that!
