python consumer, checking authentications
Kevin Jardine
kevin at radagast.biz
Tue Mar 13 03:51:36 PST 2007
>
> But this is problematic... if the user logs out of their IDP we should
> invalidate the session cookie, right?
There are much more experienced OpenID gurus on the list, but I would
think that the answer to this would be no, in general. The purpose of an
IDP is to verify an identity (and perhaps to transfer some initial
profile data). Once that is done, a session can be kept open for as long
as the user and client application feels comfortable doing so, quite
independently of the IDP.
Cheers,
Kevin
--
Kevin Jardine
Radagast Solutions
Internet campaign advice and magic
http://radagast.biz
YIM: kevinjardine
Skype: kevinjardine
Eml: kevin at radagast.biz
Tel: +31 (0)6 25581608
More information about the Dev
mailing list