Using .NET WebBrowser control, why Salesforce.com logs the user in automatically after his/her session has been invalidated?

Question

I'm logging in users via REST in my .NET application. For that in the web browser control constructor I do the following:

string server = "https://login.salesforce.com/";

var authURI = new StringBuilder();

authURI.Append(server + "services/oauth2/authorize?");

authURI.Append("response_type=code");

authURI.Append("&client_id=" + clientID);

authURI.Append("&redirect_uri=" + redirectURL);

webBrowser1.Navigate(authURI.ToString());

This works fine, the user is being presented the standard sfdc login screen, he/she logs in, I do all the flow to get the security token and the user is able to work with SFDC.

Interesting stuff happens after the user logs out, and tries to log in again (e.g. under a different name). At this point, the security token (sessionId) has been revoked (I checked). He/she clicks the login button, the code above runs again, but instead of showing the SFDC login UI again, salesforce just logs the user in automatically and redirects to the redirect URI, kicking off the login flow. Thus the user has no way to log in under different credentials... I was sure it was because of some cookie SFDC leaves behind, but after deleting all the cookies the user still gets logged in automatically... I also do this.Close(); this.Dispose(); on the WebBrowser control after logging in, so the next time it's instantiated - it's a brand new control...

Answer 1

Try to invalidate the session like this:

dynamic document = webBroweser.Document;

document.execCommand("ClearAuthenticationCache", false);

Do this before disposing of the current instance of WebBrowser. There has to be a functional Document inside it for this to work.

To learn in-depth about Salesforce, sign up for an industry-based Salesforce Certification!