I'm using 'omniauth' and 'omniauth-openid' gem for my rails applications. Log in works as expected, it creates a new session after call back from openId provider. The problem is with logout.
In my controller, i'm having this code to destroy session.
def destroy
session.delete(:user)
@current_user = nil
redirect_to root_path
end
My logout route is calling this action. When i logout, i see that the user on the session is set to nil as expected. Now when i enter the homepage URL, my helper method is checking to see if the user is already logged in, and it returns false at this point and redirects to the '/auth/open_id?origin=request.url' as expected. The problem starts here, Now before i even provide the credentials, the provider POSTs callback and creates new session with the same user. What am i doing wrong?