C2DM Logout from Google Accounts

Question

I set up a simple Servlet for interacting with my Android app using C2DM.

From the Servlet I just log in to Google Accounts by doing a post to https://www.google.com/accounts/ClientLogin and sending these parameters in the body:

Email, Passwd, accountType, source and service (set to ac2dm).

I get the Auth, SID and LSID in reponse.

Right now my Servlet is being modified and deployed, and everytime I send the device registration ID from the mobile I login again to Google Accounts. I wonder if I have to logout before doing login again, or if there is no need to perform the login again.

I've been looking for some logout URL and I just found https://www.google.com/accounts/Logout but I have no idea on what parameters I have to send.

So my questions are, is my login a good approach? Do I have to relogin? If yes, I guess I have to logout first, so what parameters is the server expecting?

Any comment would be appreciated ;-)

Answer 1

You don't need to logout. When you perform the login when already logged in, you'll typically get a different Auth, SID and LSID. The old Auth, SID, LSID and the new ones are both valid and can still be used. The authorization will expire after some time (days) and then you have to re-login off course.

Currently I'm looking for a method to force logout, so that all authorization codes retrieved earlier are blocked.

You can verify this yourself using CURL:

curl https://www.google.com/accounts/ClientLogin -d "Email=YourAccount" -d "Passwd=YourPassword" -d "accountType=GOOGLE" -d "source=Google-cURL-Example" -d "service=ac2dm"

curl --header "Authorization: GoogleLogin auth=YourAuth" "https://android.apis.google.com/c2dm/send" -d registration_id=YourPhoneRegistrationID -d "data.payload=YourMessage" -d collapse_key=0

On success curl will return a message id (id=...), otherwise with an error.