sessionopenidyahoo-oauth

Yahoo account remains open after using openID to login.why?


i have added openid login with Yahoo! and Google in my site. it is ok and works fine.

when users select for example Yahoo! to login to my site, they will be logged in in their yahoo mail account too.

i think it is not secure because maybe they don't notice to this issue and leave computer while their email account is availble.

what do you think about this and what is your solution for your own sites? as i notice the same story is for stackoverflow.com.


Solution

  • It's typically a session cookie, so if they close the browser they'll be okay, but I get your concern. I'd actually be curious to hear what the Yahoo! team has to say about this themselves; if nobody from Y! finds this question I'd ask over at the Yahoo OpenID Developer Forum.