+ Start a Discussion

Detecting logout and invalidating composite App's session

My application is a hyprid application with parts running inside web tabs.  Those parts run on my servers and have a session associated.

What I would like to be able to do is to be notified when the user logs out of Salesforce so I can invalidate his session on my servers.

There was one post that mentionned a logoutURL, but I get the impression that its use is when using an SSO that logs into Salesforce, as opposed to my case where Salesforce servers as the SSO. 

Is this possible?

Yes, with SSO you can set a logout URL, but you'd have to be sure that every use came in through your SSO page.    So, I don't think there's an answer for you in the short term.    Longer term, we've discussed having Apex triggers for login and logout.  That might enable what you want, eventually.
shitanshu patelshitanshu patel

I am having the same issues can you please help me regarding this :

I tried to configure a tab in salesforce, clicking on which users will be able to work on our application in the same salesforce page.

We used salesforce session id and if the user is valid we are authorizing that user to be logged in into our application automtically and do the work.

This all is working fine now my question is how can we make sure that from Salesforce's logout url salesforce redirects to my applications logout code so that we can invalidate the session of the user from our application as well.

Once the session is invalidated from our application we will redirect it to normal salesforce logout url.