search

codenitive / laravel-oneauth

OAuth and OAuth2 Auth bundle for Laravel
http://bundles.laravel.com/bundle/oneauth
MIT License
86 stars 16 forks source link

Expire_on_close set to true, but it does not kill session #41

Open onesneakymofo opened 11 years ago

onesneakymofo commented 11 years ago

Hello,

I have expire on browser close set to true in my session config file, but when I close the browser and browse back to the page, I am still logged in.

crynobone commented 11 years ago

When you say logged in, are you referring to twitter/facebook login or you user login? The only time that OneAuth would log you in are from https://github.com/codenitive/laravel-oneauth/blob/master/start.php#L94 which only happen when you login to twitter/facebook.

However do come out with a detail how to reproduce this bug.

onesneakymofo commented 11 years ago

I use Google login to log in. My website has no other type of login.

Reproduce:

  1. Set expire_on_close to true in Laravel's session configuration file
  2. Log in using my Gmail email.
  3. Credentials are verified and application logs me in.
  4. Close out of browser.
  5. Reopen browser and navigate back to website.
  6. Still logged in.

I thought expire_on_close was suppose to destroy the session and log out everything, but it does not do so with oneauth.

crynobone commented 11 years ago

Are you by any change using approval_prompt to auto?