Google redirected to login when never signed out - redirect

Google redirected to the login page because I was signed out without signing out, then there are 3 login pages when I go back to get to the previous page before the redirect... why?
Am I fucked up, is it malware? There are always redirects randomly. It only does this on 1 of my Google accounts. And 2-step verification is always changing from what was set up last.

Related

Redirection not happening after logout to the specified website in Azure AD using SimpleSAMLphp when multiple accounts present to be logged out

I have developed a SAML application which only uses Microsoft as IdP for successful login and logout of specific users. So after logout, I want Microsoft to redirect me to the website I have configured in the Logout URL of MyApplication in Azure Active Directory. The login functionality works every time, and when I log out with only one Microsoft signed-in account present, it logs out perfectly and redirects me to the website I specified. I am facing the issue when I am asked to choose an account to log out from a set of accounts (refer Image): when I select the configured account, it logs me out perfectly but is unable to redirect me to my specified page. The page gets stuck on "You signed out of your account It's a good idea to close all browser windows." (refer Image). Thus I want to be redirected to the specified page when I am asked to select an account while logging out.
Logout Issue Redirect Image reference
This is a known bug in this library.
Here are some alternatives.
You can use silent logout.
The post logout redirect isn't expected after calling logout. This could be a timing issue.
You can achieve a 'clean' logout by opening a new window and calling logout from there. Then a user is left with an extra open window; but at least they've retained a view of the app and it hasn't lost state.

facebook logout API

I'm using the Manual Login Flow from Facebook to log users in to my site. This means redirecting them to accept the app, and then getting their info. (My app is also physical, ==> one browser for many people.)
I got it working as I wanted; however, as they are only redirected to log in, they are kept logged in at browser level, meaning that if another user comes after them and tries to log in, they will only be shown the other person's profile, or be redirected as if they logged in.
Thus, I need a logout method at browser level, but I can't find any links or API to log out a user from the browser.
Does anyone know how?
Thanks!

DNN single sign on through webservice

I have implemented single sign-on for my DNN site, say www.example1.com. There is another site called www.example2.com. Both sites redirect to a common login page which uses a web service to authenticate the users from an external database.
The problem is, when I click the login button on example1.com, the user is redirected to the common SSO login page, and after successful authentication, he is redirected back to the original site. If I open a new tab and enter the URL of example2.com, the user is not logged in.
But if I click the login button on example2.com, the user is automatically logged in.
What I want exactly is: when I log into one site in the first tab and open another site in the second tab, the user should be logged in on page load, not on the login click.
How can I handle this issue? Any help is appreciated.
I do something similar to this.
Your database should track users currently logged in. Before you redirect to the common login page, you should check if the user is logged in. Your example2.com is not checking to see if the user is logged on before redirecting to the common login page.
Here is how ours works:
Both sites must check for cookie/Token before redirecting
User Logs into site and is Authenticated
Writes User to Token database
Stores Token in cookie with expiration
Subsequent requests read the token from the cookie and validate against Token database
When user logs out, cookie and database entry are deleted
If user does not log out properly, you must clean up tokens on a set interval
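The token lifecycle listed in this answer, as an added Python sketch that is not the answerer's code or part of DNN. The table layout, the cookie name `sso_token`, the 30-minute lifetime and the choice to store only a SHA-256 digest of the token are assumptions made for illustration.

```python
import hashlib
import secrets
import sqlite3
import time

TOKEN_TTL = 1800  # seconds; assumed lifetime, mirrored in the cookie expiration


def open_store():
    # Assumed schema for the "Token database" (in-memory for the example).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tokens (digest TEXT PRIMARY KEY, user TEXT, expires REAL)")
    return db


def _digest(token):
    # Keep only a hash server-side so a leaked token table cannot be replayed as cookies.
    return hashlib.sha256(token.encode()).hexdigest()


def issue_token(db, user, now=None):
    """After authentication: write the user to the token table, return the cookie value."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # unguessable random value, never derived from the user
    db.execute("INSERT INTO tokens VALUES (?, ?, ?)", (_digest(token), user, now + TOKEN_TTL))
    return token


def cookie_header(token):
    # Cookie expiry matches the server-side expiry; flags keep it away from scripts and plain HTTP.
    return f"Set-Cookie: sso_token={token}; Max-Age={TOKEN_TTL}; Secure; HttpOnly; SameSite=Lax; Path=/"


def validate(db, token, now=None):
    """On every request, and before any redirect to the login page: return the user or None."""
    now = time.time() if now is None else now
    if not token:
        return None
    row = db.execute("SELECT user, expires FROM tokens WHERE digest = ?", (_digest(token),)).fetchone()
    if row is None or row[1] <= now:
        return None  # unknown, forged or expired token: the caller redirects to login
    return row[0]


def logout(db, token):
    """Proper logout: delete the database entry (the caller also clears the cookie)."""
    db.execute("DELETE FROM tokens WHERE digest = ?", (_digest(token),))


def purge_expired(db, now=None):
    """Run on a set interval to remove tokens of users who never logged out."""
    now = time.time() if now is None else now
    return db.execute("DELETE FROM tokens WHERE expires <= ?", (now,)).rowcount
```

Checking expiry on the server in `validate` matters because the cookie's `Max-Age` is only enforced by the browser; a copied cookie value stays usable until the database row expires or is deleted.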

I am stuck in the Facebook server

I have created a website that allows users to use the Facebook login system to register and log in. The system ran well. It can use single sign-on to log in to the system, so the user does not need to input the username and password --- until yesterday.
One of my teammates found that he was stuck in the login system, and the single sign-on does not function anymore. The user needs to input account details whether they have logged in to Facebook or not. The funniest thing is, after the user logs in through the Facebook login system, it does not redirect the user to the "next" URL or redirect them to facebook.com (mostly this means the login system setting had an error). It just gets stuck in the Facebook server with an empty blank page.
This is the link where I am stuck....
https://www.facebook.com/login.php?login_attempt=1&fbconnect=1&display=page&next=(next url)&req_perms=publish_stream%2Cread_stream%2Cemail%2Cuser_photos&legacy_return=1
without session code, and does not have any reply.
I want to know if I have set something wrong...
Use of legacy_return was deprecated almost a year ago with the migration to OAuth2, and the endpoints were finally shut down today. Please update your integration per https://developers.facebook.com/docs/concepts/login/

Access-code renewal in an IFRAME

I have an iframe where I display some of the user's Facebook information. When my server generates the content for the iframe, it checks for responses from Facebook indicating that the access-code has expired, and sets up the re-auth sequence to occur inside the iframe, where it will be the least noticeable to the user. If, however, the server detects that the user is not logged in, it will bounce out to a new browser window to lead the user through sign-up.
Lately, I've noticed my iframe tends to go blank. The issue appears to be that occasionally the Facebook APIs will report an access-code as expired when, in fact, the user is not even signed in. Attempting to renew the access-code causes Facebook to redirect to the login page. But the login page is served with 'X-Frame-Options:DENY' Header, so the browser just refuses to display anything in my iframe. I don't have any control over this process once I invoke the URL to renew the access code, and since the content in the iframe is on a different domain, the hosting page can't even detect when this situation has happened.
Anybody know of a solution to this? Ideally, the Facebook APIs would more accurately report on expired access tokens, but failing that, it would be nice if I could set the login page to be redirected to a new window.