Threaded Mode | Linear Mode

06-27-2012, 11:06 PM

I am sure this is a noobish question, but I can't find an answer thus far.

I have just installed the client/server sso, and I am attempting to figure out the user deletion portion of this software. I understand that you can lock a user, but I am unable to delete one.

Also, after creating 3 test users, my database shows only one user, with an ID of 3. When I log in using the test.php on the site, after a login success the test php shows that user with an ID of 1.

Do these errors make sense?

**thruska** · 06-28-2012, 10:06 PM

Yes, this makes sense (to me anyway). The Generic Login provider is just one of many possible providers and all the SSO server understands is when a provider says it is okay to continue to the next step. Right now there are only three providers but I'm planning on adding more. It is possible to create an account with the Generic Login provider and never sign in into it. Once you successfully sign in, the information flows through to the SSO server account, which gives the account an ID at that time. It seems weird but makes a lot more sense when multiple providers are involved.

All three users should be in the Generic Login database. There are two search engines for finding Generic Login provider users: The global SSO server account system and the Generic Login provider account search.

tl;dr: The system is working as intended.

As to deleting users, I'm not sure what purpose that serves. If it is to deal with spammers, the user can just go back and create another account with the same information. A better approach might be to write a script that scans the database looking for a couple of different things:

- Generic Login provider accounts that have never been verified and are more than 7 days old.

- Generic Login provider accounts that have never been logged into and are more than 30 days old.

- Locked accounts that have been locked for more than 30 days.

I'd view those as safe deletions plus it doesn't immediately delete locked accounts just in case it was an accident. And you get to customize how you want deletions to happen (if at all).