OAuth - Revoke Token

[lakeba]

Hi,
I am using your library successfully to integrate an MVC application with the SalesForce Oauth and to fetch data's.

I full used your sample code in WebServerOAuthFlow and all good.

My problem now is how to logoff and make sure the login page is showed again.

I thought that the revoke of the token was enough but not.

This the situation:

1. a user digit my website address, if not logged in then redirect to Oauth page.
2. once he login with salesforce the server callback my webapi and I store the logged status in session.
3. then I have a logoff button with a actionlink that revoke the token of salesforce, empty the session and redirect to the home page.

Till here all fine, but when I reopen the website, the oAuth page redirect me automatically to the home page as seems that the authentication happens automatically.

Any suggestion?

thank you in advance

[metadaddy]

You likely still have the session cookies in the browser. One way to unobtrusively log the user out of their Salesforce session is to open <instance_url>/secur/logout.jsp in a hidden iframe.

[lakeba]

Thank you for your quickly answer.
So no better to delete the cookie or implement it in the lib ?

[metadaddy]

The cookie is on the instance_url domain (e.g. na5.salesforce.com), so it's not accessible to you anyway.

[lakeba]

Thanks again.
this the approach that solved my problem:

return Redirect(Session["instance_url"].ToString() + "/secur/logout.jsp" + "?retUrl=https://mywebiste.com");