Coffeehouse Thread

24 posts

Microsoft Accounts / Live Id signing out completely broken

Back to Forum: Coffeehouse
  • User profile image
    Richard.Hein

    I've had enough of this nonsense; why can't I consistently sign out of one Microsoft Account into another or merge them?  It's absolutely ridiculous.  I can't sign into CodePlex at all, because it just keeps on trying to use the wrong account, and yes, I've tried signing out over and over.  If I can't figure this out how is the average user going to fare?  Half of the MS sites I use have this serious issue, including Channel9.  Now I upgraded to Skype and can't go back to my old ID at all.  I'd have to switch Microsoft Accounts in the Skype settings.  It's just a bloody nightmare, not to mention the EA/Xbox/Origin crap I went through over the holidays.  It's a crying shame.  Please, someone, tell me they are going to fix this crap.  I can't switch my CodePlex account to use my new Microsoft Account, it doesn't work.  I can't switch Channel9 to use my new Microsoft Account, I have to make a new one.  Very annoyed.

  • User profile image
    Richard.Hein

    Also related, searching People in Windows 8 is completely broken now.  I don't know what happened, but no results are returned, ever, except those from one Exchange account.  How/why/when did that start happening?  Anyone else see that? 

  • User profile image
    andychopp

    I had the same issue.  Under IE Advanced settings, uncheck "Enable Integrated Windows Authentication" and "Enable Enhanced Protected Mode".  Clear the browser cache and restart the browser.  

    If you have "Enable Enhanced Protection Mode" checked, you will not be able to sign out of a live account.  Another solution is to us a different browser.  

  • User profile image
    blowdart

    TLDR: Clear your cookies.

    So keep in mind I don't work for LiveID/Microsoft account etc, however single sign on etc. do fall into my day to day work.

    Basically it's browsers, and their increasing security. Let's think about how single sign on works

    1. You browse to a web site that accepts OpenID, facebook logons, LiveIDs, whatever.
    2. You click sign on
    3. It goes to the identity provider.
    4. The identity provider has a check box which says "Keep me logged in"
    5. You check that box and login
    6. The IdP drops a cookie which says "Keep me logged in". This cookie can only be seen by the IdP.
    7. The IdP forwards you, via a form submit usually, which an identity token in the message.
    8. The original web site picks the token apart and logs you in.

    Now - logout. You can logout from the original site, because the original site can clear it's own cookies. What it can't do is clear the "Keep me logged in" cookie that the IdP dropped in step 4 because of the browser's same original policy. As browser security increased the ways to get around SOP were closed.

    It's not just a LiveID problem, it's any 3rd party IdP which allows you to have a "Keep me logged in" function which will send a token back without any interaction.

    So the only way to logout is to delete the cookie dropped in step 4. Look for live.com. live.net etc cookies and scrub them.

  • User profile image
    Richard.Hein

    Thank you both ... good to know Blowdart ... sigh ... sounds like we need an app for this, but I suppose security will prevent that from working as well.  

  • User profile image
    blowdart

    , Richard.Hein wrote

    Thank you both ... good to know Blowdart ... sigh ... sounds like we need an app for this, but I suppose security will prevent that from working as well.  

    Apps are different because they don't share tokens Smiley

  • User profile image
    JoshRoss

    I find that it is easier to create a local user account for each microsoft account. It's quicker, and more productive, to logon as another user than to clear my cookies.

    The whole codeplex + TFS + visual studio ecosystem is held together with duct tape. If someone were to try to fix it, you would end up with something like that fresco of Jesus, Ecce Homo.

    -Josh

  • User profile image
    magicalclick

    @Richard.Hein:

    Hotmail and MSDN forums are ok. I have your problem for years on Channel 9. It constantly wants me to register using another account and I can never get out of the registration page. In the end, I was forced to register and use that extra account whenever my account get stuck. But, Hotmail and MSDN forums are always fine.

    BTW, to people who doesn't know. Clear cookies does not resolve the issue.

    Leaving WM on 5/2018 if no apps, no dedicated billboards where I drive, no Store name.
    Last modified
  • User profile image
    davewill

    @Richard.Hein: I have the same issues as well.  In my case I can confirm that whacking all the cookies seems to do the trick.

  • User profile image
    Deactivated User

    Comment removed at user's request.

  • User profile image
    kettch

    It's starting to sound like this juggling act needs to be a browser feature. Actually, it should probably be a standards thing, but let's not get crazy.

  • User profile image
    bondsbw

    blowdart, why can't logout work the same as login?

    1. User clicks the logout link.
    2. The site clears its cookie and directs you to the IdP logout page.
    3. The IdP asks you to confirm logout.  (This may be optional; leaving out this step could annoy users who click on malicious links that log them out.)
    4. Assuming logout is confirmed, the IdP clears its cookie.
    5. The IdP forwards you to a URL specified by the originating site.
  • User profile image
    blowdart

    , bondsbw wrote

    blowdart, why can't logout work the same as login?

    1. User clicks the logout link.
    2. The site clears its cookie and directs you to the IdP logout page.
    3. The IdP asks you to confirm logout.  (This may be optional; leaving out this step could annoy users who click on malicious links that log them out.)
    4. Assuming logout is confirmed, the IdP clears its cookie.
    5. The IdP forwards you to a URL specified by the originating site.

    The malicious use in 3 is why

  • User profile image
    bondsbw

    Still, confirmation would make that work better.

  • User profile image
    davewill

    Smiley Bing today won't let me log out.  Even whacking cookies doesn't fix it.

  • User profile image
    blowdart

    , davewill wrote

    Smiley Bing today won't let me log out.  Even whacking cookies doesn't fix it.

    Unpossible! (Actually, yea, login status is via a cookie. Dumping cookies has to log you out. Caching somewhere along the way maybe?)

  • User profile image
    davewill

    @blowdart: Odd for sure.  I opened Windows Azure and Channel 9 and logged into both.  Then I open bing (still see it is logged in) and click sign out for Microsoft account.  Windows Azure and Channel 9 BOTH are now no longer logged in.  Yet Bing is still.

  • User profile image
    blowdart

    , davewill wrote

    @blowdart: Odd for sure.  I opened Windows Azure and Channel 9 and logged into both.  Then I open bing (still see it is logged in) and click sign out for Microsoft account.  Windows Azure and Channel 9 BOTH are now no longer logged in.  Yet Bing is still.

    Spooky and weird.

Comments closed

Comments have been closed since this content was published more than 30 days ago, but if you'd like to continue the conversation, please create a new thread in our Forums, or Contact Us and let us know.