how do you make a apex rest call to delete authsession ? We are developing a utility that kills or end a user session. How can we accomplish that? - Answers - Salesforce Trailblazer Community
Trailblazer Community
Ask Search:
Sasi JayamaruthyramanSasi Jayamaruthyraman 

how do you make a apex rest call to delete authsession ? We are developing a utility that kills or end a user session. How can we accomplish that?

Pruthvi Raj KankunthalaPruthvi Raj Kankunthala
@Sasipriya :  Directing to the /secur/logout.jsp page is the only Salesforce-blessed method I know of for doing log out, and doesn't support any conditional logic, AFAIK.
A few semi-hackish options, in the order of how likely they are to meet your requirement.
  • I'm not 100% sure, but pretty sure, that Apex cookies (set via Cookie class) that are longer-than-session-lifed don't get cleared when a user signs out in the context of Sites. If that's the case, you could potentially use the cookie to transport data to your post-login-page, which would do different things depending on the cookie contents. This wouldn't be considered secure if there is any data in the cookie that would be identifying, but for something like "show the Brand A sign out page or the Brand B signout page" it would probably be fine.
  • Although not blessed by Salesforce, you can invalidate a Salesforce session by invoking /secur/logout.jsp "in the background" (via iframe or ajax-style web call). So theoretically you could have a VF page handle the login click, make your conditional logic determination, then redirect them to the page that has the embedded /secur/logout.jsp call in it.
  • although not blessed by Salesforce, you can also effectively invalidate a user's session by manipulating the Salesforce session cookies (i.e. clearing them). Numerous issues with this approach: this doesn't kill the server-side session, so would be considered less secure than #1; the cookies are also subject to change over time; and is not very Salesforce-ish.
Source : http://salesforce.stackexchange.com/questions/9499/apex-method-for-logout-from-force-com-site