Comment 7 for bug 451336

Stuart Metcalfe (stuartmetcalfe) wrote : Re: Need to redirect back to the consumer after logout

Here's what would happen based on my original suggestion:

1. Rich is using one of the public university computers. He needs to log into the Ubuntu One interface to download a document to be printed for his next class. He logs in, successfully downloads and prints the file, and then he hits the logout button so that he can quickly get to class. Rich wants to confirm he is successfully logged out before leaving the workstation.

 1. Hit the logout button.
 2. A couple of options:
   a. Rich is *only* an Ubuntu One user: The default Ubuntu One home page is displayed
   b. Rich has recently used his SSO account to log in to other services: Ubuntu SSO page is displayed: "You have been logged out of Ubuntu One. You may also need to log out of these sites which you've used recently: *list of sites Rich has recently used with Ubuntu SSO*"

So, we don't explicitly say "You have been logged out" in case 2a. Here are a few options:

 * Leave it. Is the change in appearance of the consuming site (offering the option to Log in) sufficient to confirm the user's action?
 * Display a "You have been logged out" page on Ubuntu SSO for all cases
 * Send something in the query string back to the consuming site to indicate that the user has logged out

----

2. Emily visits a web-site that says she must authenticate using her Ubuntu SSO credentials. She clicks the login link; since she's already logged in to other services with SSO, it merely asks her if she wants to log in. She chooses to and is sent to the new site. She decides this is not something she is interested in using again and clicks the Logout button for the site. She doesn't want to log out of the other services she uses regularly.

 1. Hit the logout button
 2. Ubuntu SSO page displayed: "You have been logged out of <web-site>. You may also need to log out of these sites which you've used recently: *list of sites Emily has recently used with Ubuntu SSO*" Note: Emily has not been logged out of the 'recently used' sites.

This is a worthwhile case to consider for the next phase of this work when we were considering automatically logging the user out globally without intervention.

----

3. Neil comes across a site that looks suspicious. It shows he is logged in; he doesn't like the idea and would prefer to browse this site anonymously. He hovers his mouse over the button and the status bar shows that the logout link points to the Ubuntu SSO service. (In fact, this is a malicious or mis-configured site and the link is not doing what it says it is doing.) Neil clicks the link.

Assuming Neil hasn't *actually* logged in to the suspicious site:

 1. Hit the logout button. The site doesn't know his user id so can't pass it along
 2. Ubuntu SSO displays a page: "<site> is attempting to log you out of your session but this isn't the account you used to log in. You may be logged in to other sites which we can't notify you about. Continue or cancel"
   a. Neil clicks "Continue": a couple of options:
     i. The site sends a return URL which isn't recognised. Neil is logged out of Ubuntu SSO and the main login page is displayed with the message "You have been logged out"
     ii. The site sends a return URL which is recognised, but the HTTP_REFERER is sent and doesn't match the return URL. Neil is logged out of Ubuntu SSO and the main login page is displayed with the message "You have been logged out"
     iii. The site sends a return URL which is recognised. Rich's browser doesn't send the HTTP_REFERER header. Enter the same route as Rich, above.
   b. Neil clicks "cancel": he is redirected to the Ubuntu SSO main page. The message "Logout cancelled" is displayed

This does make me think of one possible problem in general with the proposed behaviour. We have short session lifetimes on SSO so we'll need to figure out how to avoid the need to log back in to SSO in order to log out again without increasing the duration of the actual login session.
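The logout-redirect decision described in the scenarios above (recognised vs. unrecognised return URL, HTTP_REFERER mismatch, and the "you may also need to log out of these sites" notice), written out as an added example. This is not code from the Ubuntu SSO project or from the comment's author; the consumer registry, the SSO login page URL and the `decide_logout_redirect` function are constructed for illustration, and matching the referer to the return URL by origin (scheme plus host) is an assumption of this example rather than something the comment specifies.

```python
from urllib.parse import urlsplit

# Constructed registry of consumer sites that are allowed as logout return
# targets (hypothetical data, not the real Ubuntu SSO consumer list).
REGISTERED_CONSUMERS = {
    "https://one.ubuntu.com": "Ubuntu One",
    "https://example-consumer.test": "Example Consumer",
}

# Placeholder for the SSO main login page shown when we cannot safely
# redirect back to the consumer.
SSO_LOGIN_PAGE = "https://login.example.test/"


def origin(url):
    """Return 'scheme://host' for an http(s) URL, or None if it is not one.

    Rejecting non-http(s) schemes here keeps things like javascript: URLs
    from ever being treated as a recognised return target.
    """
    parts = urlsplit(url or "")
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc.lower()}"


def decide_logout_redirect(return_url, referer, recent_sites):
    """Decide where the user lands after clicking a consumer's logout link.

    return_url   -- the URL the consumer asked us to send the user back to
    referer      -- value of the HTTP_REFERER header, or None if absent
    recent_sites -- set of consumer origins this SSO session has recently
                    been used with (constructed from the session state)

    Returns a dict with a 'route' label plus the redirect target and any
    message/site list the SSO page should display.
    """
    target = origin(return_url)

    # Route (i): return URL missing, malformed or not a registered consumer.
    if target is None or target not in REGISTERED_CONSUMERS:
        return {
            "route": "unrecognised_return_url",
            "redirect_to": SSO_LOGIN_PAGE,
            "message": "You have been logged out",
        }

    # Route (ii): referer was sent but does not match the return URL.
    if referer is not None and origin(referer) != target:
        return {
            "route": "referer_mismatch",
            "redirect_to": SSO_LOGIN_PAGE,
            "message": "You have been logged out",
        }

    # Route (iii) / Rich's route: recognised return URL and no contradicting
    # referer. If other consumers were used in this session, show the notice
    # listing them instead of redirecting silently.
    others = [
        REGISTERED_CONSUMERS.get(site, site)
        for site in sorted(recent_sites)
        if site != target
    ]
    if others:
        name = REGISTERED_CONSUMERS[target]
        return {
            "route": "logged_out_notice",
            "redirect_to": None,
            "message": (
                f"You have been logged out of {name}. You may also need to "
                f"log out of these sites which you've used recently: "
                + ", ".join(others)
            ),
            "other_sites": others,
        }

    return {
        "route": "redirect_to_consumer",
        "redirect_to": return_url,
        "message": None,
    }


if __name__ == "__main__":
    # Constructed sample inputs covering the four routes above.
    print(decide_logout_redirect("https://evil.test/bye", None, set()))
    print(decide_logout_redirect("https://one.ubuntu.com/done", "https://evil.test/p", set()))
    print(decide_logout_redirect("https://one.ubuntu.com/done", None,
                                 {"https://example-consumer.test"}))
    print(decide_logout_redirect("https://one.ubuntu.com/done",
                                 "https://one.ubuntu.com/app", set()))
```

The registry lookup is what prevents an arbitrary site from using the SSO logout endpoint as an open redirect; the referer comparison only adds a secondary check, and as the comment notes it cannot be relied on because browsers may omit the header entirely.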