ChatPlus - Logging out & Security Issues

Greetings ChatPlus Folks -

I noticed a logout issue which can be very confusing to my members and is potentially a critical security hole. Here is why:

When I log out of the site, my account stays logged in on Chat, and when I log out of Chat, my account stays logged in on the site.

In other words, I have to log out TWICE, from Chat and from the site, in order to log out completely from my site. This could be a major problem.
If one of my members logs out from the site, he/she will think they are completely logged out, and if they are in a public area, anyone can take over their Chat while they are gone. Not good!

Is there a way to make sure that if he/she logs out from Chat or from the site, they are completely logged out from both Chat and the site?
Or at least a Chat session should be applied in the event it is not used for, let's say, 15 min, then it should time out. But still, it is not a good solution.


This could be a major security hole which can lead to potential problems. Not sure if anyone has noticed this, or just me tripping.

Thank you.

Quote · 8 Apr 2016

One of the confusing - yet important - things regarding Chat+ is that it is its own standalone product. It is not a Dolphin or Boonex product and was not specifically meant to work with a Dolphin site - although OAuth with many other platforms is available - including a Dolphin site.

With this fact - nothing you do in your Dolphin site will affect your Chat server and vice versa - they are two totally separate identities. Now - it does allow a user to receive push notifications even if they have logged out of the Dolphin site.

Now - if the Boonex team would check out version 25 of Rocket Chat - it allows for an iframe login - using APIs. This may be another viable option for logging in with a Dolphin site - that may also log users in and out of the chat server - but not completely sure.

caredesign.net
Quote · 9 Apr 2016

OK - I had been thinking of this for a while - and it dawned on me today why the two are separate - and might need to stay separate.

Push notifications. In order for push notifications to work - there needs to be a token set and active for the user. The only way this token is active - is if the user is logged in. So, if a user logs out of the Dolphin site - it is very possible that the user may still want to receive notifications of any chat events concerning them.

Now - this leads to an added feature. The ability for the user to choose whether or not they want to remain logged into the chat when they log out of the Dolphin site. Maybe a small popup block with the question - upon clicking logout, or adding to the logout page itself. It does still leave the issue where logging into the Dolphin site also logs into the chat server. But with the new script adding feature - maybe something can be figured out.

caredesign.net
Quote · 11 Apr 2016
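
A sketch of the linked logout discussed in this thread, added as an example and not code from ChatPlus, Rocket.Chat, Dolphin or any poster. It is a constructed in-memory registry (all names hypothetical) that ties each site session to its chat token, so logging out of either ends both, enforces the 15-minute idle limit, and models the opt-in to keep push notifications as a token that can no longer open the chat.

```javascript
// Added example: a constructed model, not ChatPlus, Rocket.Chat or Dolphin code.
const IDLE_LIMIT_MS = 15 * 60 * 1000; // the 15-minute idle limit suggested in the thread

class LinkedSessions {
  constructor() {
    this.site = new Map(); // siteSessionId -> { userId, chatToken }
    this.chat = new Map(); // chatToken -> { userId, siteSessionId, lastSeen, pushOnly }
  }
  // Record both sessions at login so either side can find the other later.
  login(userId, siteSessionId, chatToken, now) {
    this.site.set(siteSessionId, { userId, chatToken });
    this.chat.set(chatToken, { userId, siteSessionId, lastSeen: now, pushOnly: false });
  }

  // Site logout revokes the chat token too. keepPush=true models the opt-in from
  // the thread: the token stays registered for notifications but cannot open the chat.
  logoutSite(siteSessionId, keepPush = false) {
    const s = this.site.get(siteSessionId);
    if (!s) return false;
    this.site.delete(siteSessionId);
    const c = this.chat.get(s.chatToken);
    if (c && keepPush) c.pushOnly = true;
    else this.chat.delete(s.chatToken);
    return true;
  }

  // Chat logout also ends the linked site session.
  logoutChat(chatToken) {
    const c = this.chat.get(chatToken);
    if (!c) return false;
    this.chat.delete(chatToken);
    this.site.delete(c.siteSessionId);
    return true;
  }

  // Gate for interactive chat requests: rejects unknown, push-only and idle tokens.
  canUseChat(chatToken, now) {
    const c = this.chat.get(chatToken);
    if (!c || c.pushOnly) return false;
    if (now - c.lastSeen > IDLE_LIMIT_MS) {
      this.chat.delete(chatToken); // idle too long: the chat session times out
      return false;
    }
    c.lastSeen = now; // activity refreshes the idle timer
    return true;
  }
  canPush(chatToken) { return this.chat.has(chatToken); }
  siteActive(siteSessionId) { return this.site.has(siteSessionId); }
}
```
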
 
 