Thursday, December 20, 2018

When logging out of a website that authenticates with Facebook, should the user be logged out of Facebook as well?


I'm working on a website that integrates the Facebook login API. When a user clicks the logout button for the website, I log them out of the website's session. The question is if I should be calling the Facebook logout method to log the user out of their Facebook session as well.


Based on the "Keep me logged in" checkbox on the Facebook login dialog, I would assume that we should be logging them out of Facebook too.


I've seen on sites like Quora, Groupon and Vimeo that if a user logs in with Facebook to the site and then logs out, their Facebook session is still valid.



Answer




I seriously doubt that also logging out of Facebook is the expected behavior in the most common scenarios. However, there is a worst-case scenario where logging them out might be the civilized thing to do on their behalf.


The most nuanced approach would be to leave them in whatever state they were in when they came to your site: so if they were signed in to FB already you leave them signed in when they leave. If they had to authenticate to Facebook, you sign them out when they're done, respecting the value of the "Keep me signed in" checkbox.


Scenario 1 (most common): The user comes to your site. They're using their computer or device. (You have no way to know this.) They're already signed in to Facebook. They use your site and leave. In this case it would be really annoying to sign them out of Facebook.


Scenario 2 (worst-case): The user comes to your site. They're using a computer at a hotel business center or in a webcafe. They have to sign in to Facebook to sign in to your site. They use your site. They forget that Facebook was involved at all. (Count on this.) They leave your site. In this case it would be very nice to sign them out of Facebook.


Scenario 3 (common with an annoying downside): They're on a mobile browser. Don't sign them out of Facebook. Signing in on mobile is very tedious and even more error-prone than on a computer with a proper keyboard. Mobile devices are very personal and it's likely they want to remain signed in on Facebook.
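The "leave them in whatever state they were in" approach from the answer above, sketched as an added example that is not part of the original question or answer. `FB.getLoginStatus` and `FB.logout` are Facebook JavaScript SDK calls; the storage key, the function names, and the `keepSignedIn` / `isMobile` inputs are hypothetical and assumed to be supplied by the site.

```javascript
const KEY = 'fbSignedInOnArrival'; // hypothetical storage key

// Run once on page load, before the login dialog is shown.
// `fb` is the Facebook JS SDK object; `store` behaves like sessionStorage.
function recordArrivalState(fb, store) {
  if (store.getItem(KEY) !== null) return; // keep only the first observation
  fb.getLoginStatus((resp) => {
    // 'connected' and 'not_authorized' both mean a Facebook session already
    // existed; 'unknown' means the user has to authenticate to Facebook.
    const signedIn = resp.status === 'connected' || resp.status === 'not_authorized';
    store.setItem(KEY, signedIn ? '1' : '0');
  });
}

// keepSignedIn and isMobile are values the site supplies (assumed inputs).
function shouldEndFacebookSession(store, { keepSignedIn, isMobile }) {
  if (isMobile) return false;                   // scenario 3
  if (store.getItem(KEY) === '1') return false; // scenario 1: leave as found
  // Scenario 2. A missing record is treated like a fresh sign-in, which is
  // this example's choice, not something the answer specifies.
  return !keepSignedIn;
}

function logout(fb, store, opts, endSiteSession) {
  endSiteSession();                             // the site's session always ends
  const endFb = shouldEndFacebookSession(store, opts);
  if (endFb) fb.logout(() => {});
  store.removeItem(KEY);
  return endFb;
}
```

The arrival state has to be captured before the login flow starts, because after login the status reads `connected` in every scenario.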

