browserID服務器註銷

Question

所以我發現這個browserid.org，然後這[browserid.org/developers]，並決定我想嘗試這種新的身份驗證方法是browserID。在挖掘了我能找到的唯一官方半官方示例（browserid_favbeer_example）並翻來覆去的3個簡單步驟頁面之後，我仍然感到困惑。我搜索了一下，找到了一個，可以很容易地利用javascript實現（現在）和兩個，從一個非常好的人，下面的例子。我注意到它缺少的第一件事就是註銷。如果有人能夠幫助我完成註銷，那將是非常值得讚賞的。

<?php 
/* 
* Simple implementation of Mozilla BrowserID (see https://browserid.org/) 
* Author : Guillaume <guillaume@atto.be> 
*/ 
/* 
* Usage : 
* 
$browserid = new BrowserID('mywebserver.com', $_POST['assertion']); 
if($browserid->verify_assertion()) 
{ 
     echo('Welcome, your email is '.$browserid->get_email()); 
} 
*/ 
class BrowserID 
{ 
    private $audience; 
    private $assertion; 
    private $email; 
    private $validity; 
    private $issuer; 
    private function post_request($url, $data) 
    { 
    $params = array('http' => array('method' => 'POST', 'content' => $data)); 
     return stream_get_contents($fp); 
    } 
    else 
    { 
     return FALSE; 
     } 
     } 
     public function BrowserID($audience, $assertion) 
     { 
     $this->audience = $audience; 
     $this->assertion = $assertion; 
     } 
     /* 
     * Send the assertion to the browserid.org server (this must be over HTTPS) 
     * The response is read to determine is the assertion is authentic 
     */ 
     public function verify_assertion() 
     { 
       if(isset($result['status']) && $result['status'] == 'okay') 
     { 
      $this->email = $result['email']; 
      $this->validity = $result['valid-until']; 
      $this->issuer = $result['issuer']; 
      return true; 
     } 
     else 
     { 
      return false; 
     } 
     } 
     public function get_email() 
     { 
    return $this->email; 
    } 
    public function get_validity() 
    return $this->email; 
    } 
    public function get_validity() 
* Usage : 
* 
$browserid = new BrowserID('mywebserver.com', $_POST['assertion']); 
if($browserid->verify_assertion()) 
{ 
    echo('Welcome, your email is '.$browserid->get_email()); 
} 
*/ 
class BrowserID 
{ 
    private $audience; 
    private $assertion; 
    private $email; 
    private $validity; 
    private $issuer; 
    private function post_request($url, $data) 
    { 
    $params = array('http' => array('method' => 'POST', 'content' => $data)); 
     return stream_get_contents($fp); 
    } 
    else 
    { 
     return FALSE; 
    } 
    } 
    public function BrowserID($audience, $assertion) 
    { 
    $this->audience = $audience; 
    $this->assertion = $assertion; 
    } 
    /* 
    * Send the assertion to the browserid.org server (this must be over HTTPS) 
    * The response is read to determine is the assertion is authentic 
    */ 
    public function verify_assertion() 
    { 
    if(isset($result['status']) && $result['status'] == 'okay') 
    { 
     $this->email = $result['email']; 
     $this->validity = $result['valid-until']; 
     $this->issuer = $result['issuer']; 
     return true; 
    } 
    else 
    { 
     return false; 
    } 
    } 
    public function get_email() 
    { 
    return $this->email; 
    } 
    public function get_validity() 
    { 
    return $this->validity; 
    } 
    public function get_issuer() 
    { 
    return $this->issuer; 
    } 
}// end class BrowserID 
$browserid = new BrowserID($_SERVER['HTTP_HOST'], $_POST['assertion']); 
if($browserid->verify_assertion()) 
{ 
    echo('Welcome '.$browserid->get_email()); 
} 
else 
{ 
    echo('Identification failure'); 
} 
?> 

Answer 1

我希望回答你的問題還不算太晚。 BrowserID郵件列表中有noticed，但不幸的是，沒有人回到這裏來回答你。

使用BrowserID進行身份驗證後，您將設置身份驗證Cookie並根據Cookie確定用戶是否有效。然後註銷，您向用戶提供一個鏈接，讓您刪除該cookie。

Answer 2

Joe的回答是對的，Persona不會替換您現有的會話管理，因此您仍然需要創建和刪除Cookie。但是，新的Persona/BrowserID API現在有一個您應該調用的navigator.id.logout（）函數，以及navigator.id.watch（）中的「onlogout」回調，您可以在其中指定發生的情況當用戶註銷（即餅乾被刪除）：

https://developer.mozilla.org/en-US/docs/DOM/navigator.id#ObserverMethods