0
votes

I have an App Engine app with a GWT frontend. I am using App Engine's user service to authenticate with Google accounts. My problem is that when logging out from the GWT frontend, the user is not completely logged out. The user is shown the login page; however, when you click to log in again with a Google account, it goes straight to the app without going to the Google login page. I am not using any custom login/pass fields here, strictly the App Engine user service.

I am guessing this has something to do with HTTP sessions and basic authentication, however I have not been able to log out entirely.

Here is the Login/out service on the server:

import javax.servlet.http.HttpSession;

import com.google.appengine.api.users.UserService;
import com.google.appengine.api.users.UserServiceFactory;
import com.google.gwt.user.server.rpc.RemoteServiceServlet;

@SuppressWarnings("serial")
public class LoginServiceImpl extends RemoteServiceServlet implements
    LoginService {
  public final static String CHANNEL_ID = "channel_id";

  @Override
  public UserAccountDTO getLoggedInUserDTO() {
    UserAccountDTO userDTO;
    HttpSession session = getThreadLocalRequest().getSession();

    // Look up the app-level account tied to this HTTP session.
    UserAccount u = LoginHelper.getLoggedInUser(session, null);
    if (u == null) {
      return null;
    }
    userDTO = UserAccount.toDTO(u);
    UserService userService = UserServiceFactory.getUserService();
    // requestUri is the URL to return to after logout; it is not defined in this snippet.
    userDTO.setLogoutURL(userService.createLogoutURL(requestUri));
    return userDTO;
  }

  @Override
  public void logout() throws NotLoggedInException {
    // Invalidates only the app's own HTTP session.
    getThreadLocalRequest().getSession().invalidate();
    throw new NotLoggedInException("Logged out");
  }

}

On the GWT client side I am using this code to logout:

Window.Location.assign(currentUserDTO.getLogoutURL());

When I click the logout link on my app (which runs the code above), nothing changes. However, if I reload the page I am sent to my app's login page. When I click to log in with my Google account, it goes straight into my app without asking for Google credentials. This tells me the user was logged out from my App Engine app; however, the user is still somehow logged in to his Google account in the browser (I'm assuming an auth token stored as a cookie?). I need to have my users completely logged out of their Google account so the next visitor to the site is asked for Google credentials.


1 Answers

2
votes

Ideally, to log out from GAE/Google, I would use the logOutUrl coming out of userService. For example:

UserService userService = UserServiceFactory.getUserService();
// baseURL is the URL the browser is sent to after logging out.
String logOutURL = userService.createLogoutURL(baseURL);

logOutURL is where I would redirect the window to, to log out from Google.

Also check a small servlet I have written to log in and log out at: http://cloudspring-demo.appspot.com/html/csAuth.html You can simply copy this servlet into an appropriate servlet and, after adding the mapping in web.xml, invoke it to test it out.
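Added example (not part of the original answer, and not the servlet linked above): a minimal login/logout servlet built on the same `UserService` calls. It clears the app's own HTTP session before redirecting through the logout URL. The class name `AuthServlet`, the `action` parameter and the fixed landing path `/` are assumptions made for illustration.

```java
import java.io.IOException;

import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import com.google.appengine.api.users.UserService;
import com.google.appengine.api.users.UserServiceFactory;

// Hypothetical servlet; map it in web.xml (for example to /auth).
@SuppressWarnings("serial")
public class AuthServlet extends HttpServlet {
  // Fixed local landing page (assumption), so the redirect target
  // never comes from request input.
  private static final String LANDING_PAGE = "/";

  @Override
  protected void doGet(HttpServletRequest req, HttpServletResponse resp)
      throws IOException {
    UserService userService = UserServiceFactory.getUserService();
    String action = req.getParameter("action"); // hypothetical parameter

    if ("logout".equals(action)) {
      // Drop the app's own session state first, without creating a new session.
      HttpSession session = req.getSession(false);
      if (session != null) {
        session.invalidate();
      }
      // Then send the browser through the Users service logout URL.
      resp.sendRedirect(userService.createLogoutURL(LANDING_PAGE));
    } else if (!userService.isUserLoggedIn()) {
      // Not signed in: hand off to the Users service login URL.
      resp.sendRedirect(userService.createLoginURL(LANDING_PAGE));
    } else {
      resp.setContentType("text/plain");
      resp.getWriter().println(
          "Signed in as " + userService.getCurrentUser().getEmail());
    }
  }
}
```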