0 votes
1 view
in Salesforce by (11k points)

I am trying to build a web app that lets the customer add demo data to any Salesforce instance. My demo builder uses OAuth 2 Authorization Code Grant.

I am trying to get the switch instance portion working. However once the user connects to one instance

GET /services/oauth2/authorize?response_type=code&client_id=blabla.UKP&redirect_uri=https%3A%2F%2Fsfblademo.bla.com%2Foauth%2Fcallback HTTP/1.1 Host: na9.salesforce.com Connection: keep-alive User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_1) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.12 Safari/535.2 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: cookie_bla; disco=5:00D50000000Ii39:00550000001ifEp:0|; autocomplete=1; inst=APP5

It redirects to the previous instance. Seems like its reading cookies and redirecting

HTTP/1.1 302 Found Server: Location: https://na3.salesforce.com/setup/secur/RemoteAccessAuthorizationPage.apexp?source=blablablaContent-Type: text/html Content-Length: 525 Date: Fri, 16 Sep 2011 21:46:58 GMT

The URL has moved here

Is there a way to sign out or clear the cookies salesforce has. I am not running my app on salesforce.

Thanks !

1 Answer

0 votes
by (27.8k points)

The API logout() call isn't going to work because that will only invalidate the API session and not the UI session stored in the browser cookie on the *.salesforce.com domain, to which your app won't have direct access. That's not to say it isn't still recommended, but to clarify that UI cookie, you'll need to redirect the end-user to /secur/logout.jsp on the instance_url of the previous session. To make it transparent to end-users, you can load it in a hidden iframe like this:

<iframe src='https://{instance_url}/secur/logout.jsp' width='0' height='0' style='display:none;'></iframe>

...