marvide
Adept
4 years ago

Logging a user out not working

Hello,

I'm currently developing a solution to log out a user from the community sessions automatically. I followed the API Reference here: https://developer.khoros.com/khoroscommunitydevdocs/reference/authsignout

I am currently getting the correct response of the user being signed out of all sessions, but when I go to the community forums with my test user, I can still see the user logged in.

This is the JSON response that I am receiving:

{
  "status":"success",
  "message":"",
  "data":
  {
    "signed_off_all_sessions":true,
    "id":"#######"
  }
}

Context: we do use a cookie for our users to log into the community site if they are logged into our site. But I have made sure to just be logged into the community site without said cookie when trying this call out.

Any help would be welcomed.

  • Are you using the correct body parameter for your setup? E.g. sso_id if your setup is using SSO or just id when you are using Khoros community authentication. Not sure if mixing them up would actually work, but I've personally already mixed up ids versus SSO ids before 😛

    • marvide
      Adept

      I was indeed sending both the id and the sso_id at the same time. Right now I tried just sending the sso_id like this:

      {
        sso_id: $user_sso_id
      }

      And it's still returning the correct response of all sessions being logged out, but I am still clearly not logged out. 😞

      Edit: Just tried sending the user id like so:

      {
        id : $user_id
      }

      And still, the user is not logged out.

  • I still have not found what the issue seems to be.

    My staging user and production user have the same grants, and I checked that both have `Manage roles, user bans, and abuse notifications in admin and user profiles` permission as granted.

    The staging user does sign out other users when making the call to the staging API, while the prod user does not.

    I would love some more insight into this one, because I think I've already exhausted all my options.

  • DougS
    Khoros Oracle

    Hi marvide 

    I seem to have missed this thread when I was mentioned before. Apologies for that. 

    Are you using OAuth 2.0 (passing Authorization and client-id headers) or a REST V1 Session Key (passing li-api-session-key header or restapi.session_key parameter) to authenticate to the API when you make the signout call? Also, are you making the signout call as the same user you are signing out, or a different user?

    It looks like if you authenticate via OAuth 2.0 it signs off your OAuth user (revokes your access token), but doesn't sign you out of any web sessions you have going.

    -Doug

    • marvide
      Adept

      I am using a REST V1 Session Key to authenticate to the API.

      About the user making these API calls, we have a production and staging environment.

      • In production we have the user APIUser, which has an admin role that has allow grant for all permissions.
      • In staging we have the user api_only, which also has an admin role with allow grant for all permissions.

      In production, we receive confirmation that the user we are trying to sign out has been signed off all sessions, but when I go and check the community, the web session is kept alive.

      In staging, we also receive confirmation that the user has been signed off all sessions and the web session is also killed.

      I'm not sure why the behavior is like this, but it is consistent.

      • DougS
        Khoros Oracle

        Hi marvide 

        This seems like a bug with the signoff logic that runs when you make the call (it also seems like a bug that it doesn't sign off web sessions when you use OAuth).

        Would you mind opening a support case for this? That will get a bug opened in our system which we can track and get resolved for you. Please reference this thread in the case when you open one.

        Thanks,

        -Doug