AngularFire: data is still accessible after logout

Question

I'm struggling with user authentication and authorization with AngularFire.

The issue is that once an authorized user is logged in and the data from Firebase is displayed, if I log out then the data is still displayed. I can detach the data from the scope (delete $scope.data) which makes it not display, but then if I log in again as an unauthorized user, the reference is reattached and the data is still there.

I guess the data is retained client-side somewhere. But how can I destroy it? I have tried replacing the Firebase reference by a new one each time I log out, in vain.

Here is the code:

<!DOCTYPE html>
<html ng-app="app">
<head>
  <title></title>
</head>
<body ng-controller="ctrl">

  <div ng-hide="loggedIn">Not logged In</div>
  <button ng-hide="loggedIn" ng-click="login()">Log in</button>

  <div>The data: {{data}}</div>
  <button ng-show="loggedIn" ng-click="logout()">Log out</button>

</body>
<script type="text/javascript" src="bower_components/angular/angular.js"></script>
<script type="text/javascript" src="bower_components/firebase/firebase.js"></script>
<script type="text/javascript" src="bower_components/firebase-simple-login/firebase-simple-login.js"></script>
<script type="text/javascript" src="bower_components/angularfire/angularfire.js"></script>
<script type="text/javascript">

angular.module('app', ['firebase'])

.controller('ctrl', function ($scope, $firebase, $firebaseSimpleLogin) {
  var ref = new Firebase(<ref>);
  var ngref = $firebase(ref);
  var auth = $firebaseSimpleLogin(ref);
  $scope.loggedIn = !!auth.user;
  $scope.login = function () {
    auth.$login('google').then(
      function (user) {
        $scope.data = ngref.name;
        $scope.loggedIn = true;
      }, 
      function (error) {
        throw error;
      });
  };
  $scope.logout = function () {
    $scope.loggedIn = false;
    auth.$logout();
  };
})

</script>
</html>

EDIT

It seems that this behavior has nothing to do with AngularFire. The code below uses the vanilla Firebase API and the result is the same.

var auth = new FirebaseSimpleLogin(ref, function (error, user) {
  if (error) {
    throw error;
  } else if (user) {
    $scope.$apply(function () {
      $scope.loggedIn = true;
      $scope.data = ref;
    });
  } else {
    $scope.$apply(function () {
      delete $scope.data;
      $scope.loggedIn = false;
    });
  }
});

$scope.loggedIn = false;
$scope.login = function () {
  auth.login('google');
};
$scope.logout = function () {
  auth.logout();
};

Answer 1

I'm a bit late (almost a year), however this can be fixed by removing the localStorage entry for "firebase:session::".

window.localStorage.removeItem("firebase:session::<host-name>");