Issue 521: Sign Out is not clearing account info, so you can't change accounts
Status:  Released
Owner: ----
Closed:  Mar 2012
Reported by stadlera...@gmail.com, Apr 1, 2010
Affected Version:2.1.2.2

What steps will reproduce the problem?
1.  visit review.source.android.com
2.  click sign in
3.  click sign in with google account
4.  see my gmail identity
5.  click sign out
6.  try again

What is the expected output? What do you see instead?
An option to sign in as stadler@android.com
Instead it takes me directly back into gerrit with my @gmail.com identity

The workaround was to come here - to code.google.com/p/gerrit/issues - and sign out.

Once I did this, then I could repeat the steps back on gerrit, and it worked as expected.

So I think that "sign out" on gerrit might be broken.
Apr 12, 2010
#1 sop@google.com
I'm not sure what to do here.  Gerrit went to Google Accounts
and said "Sign me in".  Google Accounts immediately spat back
an authentication token, because you told Google to remember
your login to Gerrit and bypass the confirmation page during
the OpenID authentication cycle.

AFAIK, there isn't a way for Gerrit to say "force login anyway",
short of requiring you to enter your password every time.  Which
I could do...

You can adjust the current setting though by going to www.google.com
and sign-in to your @gmail.com identity.  Then go Settings, and visit
the known sites thing to un-remember review.source.android.com.  That's
what I've done with all of my accounts.  :-\

Should I start asking Google to validate your password on every auth?
Status: AwaitingInformation
Apr 12, 2010
#2 nas...@chromium.org
I think you can just log out of your google account from google.com as well, then when 
you go to review.source.android.com, you'll get prompted for an account to sign in 
with.
Apr 13, 2010
Project Member #3 Shane...@gmail.com
I'd rather that it was optional to make it request the password every time, I quite
like the convenience of hitting "Sign in" and then just being logged in.
Apr 13, 2010
#4 sop@google.com
ShaneMcC, I'm not sure how to make this per user.  How do I
know the user's preference for the type of authentication to
perform, before they have authenticated to an account?

I can't.  I don't even know what account they want access to.
Apr 14, 2010
Project Member #5 Shane...@gmail.com
I'm aware of this, I meant more of on a per-gerrit-instance level, I use my own gerrit 
instance a lot more than I use others, so I'd have that not force a password, and jsut 
go with whatever any other instance happened to use.
Apr 24, 2010
#6 sop@google.com
Fixed in I656d6fd31831a71edf15319b6d94503ac93f6f36

We now can set auth.maxOpenIdSessionAge to 0 on the
review.source.android.com server, forcing Google to
show the password prompt.  That will offer the user
a chance to sign-out and sign-in as another account
before finishing the sign-in with Gerrit.
Status: Fixed
Labels: FixedIn-2.1.2.3
Mar 27, 2012
#7 sop@google.com
(No comment was entered for this change.)
Status: Released