Hello, please sign in or register
You are here: Home

Messenger Signout confusion in v3.7 and previous

I've worked with some clients who are a bit confused by the UX of the Windows live consent form process. The culprit is multiple sign-in locations and the context of "Sign me in automatically" checkbox on the consent form ....

THE QUESTION

          I hold my mail account with live.com and when i authenticate myself on a website like toobify.com using my LiveId. A consent form opens. I avoid clicking the "Sign me in Automatically" because i want to switch users (i am the developer after all). However when i signout and back again. I am not prompted and the consent continues with my original credentials without my authority ... wtf!? 

THE ANSWER

Whether you clicked "remember me" or NOT. Until you close your browser you will automatically be signed into Live.com. This means you wont be prompted again for credentials in the current session. With the exception that you clear your cookie cache or your session lasts an extraordinary length of time that they expire of their own accord.

To switch accounts you'll have to remove your Live.com session!

Building this into the application is a bit hacky, but the following is a scenario which avoids to much disruption:
  1. First of all we should determine whether the user clicked the signout button. As if there the user lost wifi this probably is more of a hinderance than a blessing. 
  2. Secondly we call the signout script on Live.com to destroy our user session - by calling a page on live.com within a hidden iframe.

Code

_user.add_signedOut(function(sender, e){
	switch (e.get_reason ? e.get_reason() : -1) {
		case 0: //SignedOutByLocalEndpoint
		case 1: //signedOutByRemoteEndpoint
			signOutFromLive();
			break;
		case 2: //connectionLost
		case 3: //serverError
			log("Try to resignin");
			break;
		case 4: //endpointLimitExceeded
		default:
			break;
	}	    
});

// Open up a page on the live.com site which removes the live.com session data.
function signOutFromLive(){
	var fr = document.createElement('iframe');
	fr.style.border = fr.style.height = fr.style.width = 0;
	fr.src = "http://login.live.com/logout.srf?id=253951&ru=http%3A%2F%2Fconsent.messenger.services.live.com%2Fexpirecookie.aspx&ts=" + new Date().getTime();
	document.body.appendChild(fr);
}

If you are not familiar with the _user object you can find out more at http://msdn.microsoft.com/en-us/library/cc298452.aspx.

I hope this has helped

BTW: ... move to V4.0+ as sessions are kept separate, so this is no longer an issue.


Comments

Title*
Comment

Prove you are not a robot

To prove you are not a robot, please type in the six character code you see in the picture below
Security confirmation codeI can't see this!
Contact
Name*
Email never shown*
Home Page

Author

drew
Andrew Dodson
Since:Feb 2007

Comment | flag

Categories
Bookmark and Share