apex method for logout from force.com site

I’m using a force.com site and it has a login method that allows you to redirect them to different landing pages from within apex via Site.login(username,password,url). However it appears there is no Site.logout() method. Its my understanding that logout is configured via the customer portal settings and then called using {!$Site.Prefix}/secur/logout.jsp.

My issue is what if I want to redirect the user to different logout pages conditionally? Is there any way to do this or am I stuck using only the URL in the customer gateway settting.

Thanks!

Answer

You are correct, there is no Site.logout() method, sadly. Directing to the /secur/logout.jsp page is the only Salesforce-blessed method I know of for doing logout, and doesn’t support any conditional logic, AFAIK.

A few semi-hackish options, in the order of how likely they are to meet your requirement.

  • I’m not 100% sure, but pretty sure, that Apex cookies (set via Cookie class) that are longer-than-session-lifed don’t get cleared when a user signs out in the context of Sites. If that’s the case, you could potentially use the cookie to transport data to your post-login-page, which would do different things depending on the cookie contents. This wouldn’t be considered secure if there is any data in the cookie that would be identifying, but for something like “show the Brand A signout page or the Brand B signout page” it would probably be fine.
  • although not blessed by Salesforce, you can invalidate a Salesforce session by invoking /secur/logout.jsp “in the background” (via iframe or ajax-style web call). So theoretically you could have a VF page handle the login click, make your conditional logic determination, then redirect them to the page that has the embedded /secur/logout.jsp call in it.
  • although not blessed by Salesforce, you can also effectively invalidate a user’s session by manipulating the Salesforce session cookies (i.e. clearing them). Numerous issues with this approach: this doesn’t kill the server-side session, so would be considered less secure than #1; the cookies are also subject to change over time; and is not very Salesforce-ish.
  • could probably think of a couple other options if I knew a bit more about your requirements – what these conditional pages do and how the conditional logic can be fired.

Attribution
Source : Link , Question Author : Phil B , Answer Author : jkraybill

Leave a Comment