OAuth/Twitter flow question
Hi, for those using OAuth for a Twitter-based app, I'm wondering what
page you take the user to after they click on a "logout" link.
Do you take them to a simple login page where you simply display the
standard Twitter-brand "Log in with Twitter" image button?
If they're still logged into Twitter itself, though, then they
haven't really logged out of your app either, even if
contrib.auth.logout does clear the session.
Here's why: All they need to do is literally type in one of the main
URLs on your page, such as www.yourtwitterapp.com/listYourDMs, and if
you're using login_required(), then they get directed to the login
view, which then does the back and forth with Twitter, etc., and then
they're logged in again.
I'm wondering if I should be displaying a message on the page after
they log out, stating: "You need to also log out of Twitter to ensure
you are logged out here" or something to that effect.
Just curious as to how anyone else is doing that.
Steve
(Maybe I should be setting settings.LOGIN_URL - which
login_required() takes you to - to a page that simply displays the
"log in with twitter" button - I think I'm trying to follow the
example listed on simplegeo's OAuth2 github page too closely, and need
to make this one change.)
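
Added example, not part of the original message and not Django or simplegeo code: a small standard-library model of the redirect chain described above, comparing LOGIN_URL pointed at a view that redirects straight to Twitter with LOGIN_URL pointed at a page that only shows the button. The paths /oauth/start, /oauth/callback and /login and the user name are assumptions made for the illustration.

```python
"""Constructed model of the redirect chain in the post; not Django code."""
from dataclasses import dataclass, field

PROTECTED = "/listYourDMs"   # URL from the post, wrapped in login_required()
AUTO_OAUTH = "/oauth/start"  # hypothetical view that redirects straight to Twitter
LANDING = "/login"           # hypothetical page that only renders the button

@dataclass
class Browser:
    twitter_logged_in: bool                      # Twitter's cookie, not the app's
    app_session: dict = field(default_factory=dict)

def handle(b, path, login_url):
    """Serve one request; return the redirect target, or None if a page renders."""
    if path == PROTECTED:
        return None if "user" in b.app_session else login_url
    if path == AUTO_OAUTH:
        # As the post describes: a user still signed in to Twitter is sent
        # back to the app without having to do anything.
        return "/oauth/callback" if b.twitter_logged_in else "twitter:sign-in-form"
    if path == "/oauth/callback":
        b.app_session["user"] = "steve"          # constructed sample user
        return PROTECTED
    if path == LANDING:
        return None                              # waits for a deliberate click
    raise ValueError(path)

def visit(b, path, login_url):
    """Follow redirects as a browser would; return where the user ends up."""
    for _ in range(10):
        nxt = handle(b, path, login_url)
        if nxt is None:
            return path
        if nxt.startswith("twitter:"):
            return nxt
        path = nxt
    raise RuntimeError("redirect loop")

def after_logout(login_url, twitter_logged_in=True):
    """Log out of the app, then type the protected URL into the address bar."""
    b = Browser(twitter_logged_in, {"user": "steve"})
    b.app_session.clear()    # the app-side effect of contrib.auth.logout
    return visit(b, PROTECTED, login_url), "user" in b.app_session

if __name__ == "__main__":
    print(after_logout(AUTO_OAUTH))   # lands on the protected page, session restored
    print(after_logout(LANDING))      # stops at the button page, no session
```

With the landing page as LOGIN_URL, the app session is only recreated after the user clicks the button; the Twitter session itself is unaffected either way.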