How to add logout feature to an OpenID enabled site?

Question

I have recently added OpenID login to my website. But I don\'t know how to add the logout feature.

For example, on clicking the Sign In button I am able to show the

Answer 1

You can only implement local logout for OpenID. As Charles Duffy said you can always use specific urls but that is provided the user is using a provider that you know the logout url for. That can be fustrating if your user discover that all his google accounts are logged out when they logout of your website.

The other way of looking at the problem is whether you want to ensure the the person logging into your website always needs to key in his password, instead of just logging in when he is already logged in to an openid provider.

This (IMHO) provides better security if they are using it from a public terminal. This will ensure that the user who is logging in always needs to revalidate his password.

To do that its actually quite simple, just use the PAPE extention openid.ns.pape = "http://specs.openid.net/extensions/pape/1.0".
openid.pape.max_auth_age = 0

as part of the URL when you are logging into a OpenID provider.

More information here http://code.google.com/apis/accounts/docs/OpenID.html