且构网

How to log out from iOS ADAL authentication?

Updated: 2023-12-03 10:08:22

There are two places where sign-in state is stored when using an ADAL interactive flow. The first is the token cache that is entirely in the control of the app. Calling [authContext.tokenCacheStore removeAllWithError:&error] is a good way to clear all cached tokens and stop ADAL from being able to login without launching the browser at all.

However, sign-in state is also tracked by the server in browser cookies. The server will remember that a user was signed-in to the server until the cookie times out or is removed. When ADAL checks the cache and doesn't find a suitable token it will launch the webView. The server will find a cookie and then silently sign the user in. Browser cookies are largely hidden from ADAL. The ADAL library could potentially provide a sign-out function that clears all cookies, but this would have side effects if the app was depending on other cookies for some reason.

There are a couple of ways of working around this. If you simply want to log out and you don't mind clearing all webView cookies then after you clear the cache, clear out all browser cookies as described here:

How to delete all cookies of UIWebView?

That's the nuclear option. Another, more subtle option, is to clear the cache and then use the AD_PROMPT_ALWAYS value in a call to acquireToken that takes an ADPromptBehavior parameter. When you use AD_PROMPT_ALWAYS a flag is sent to AAD that causes it to ignore the cookies and surface a fresh prompt to the user. This leaves the cookies in place so technically the user is not actually signed out. To the user, it appears that they were signed out and have the ability to sign in again later. When they sign in again they can choose a different user if they prefer.

This is also the way you would handle sign-in with multiple users. In the case where you already have a user signed in, but want to add another, do not clear the cache and pass AD_PROMPT_ALWAYS on the next call to acquireToken. The server will surface a fresh sign-in prompt and return a new token. That token will be stored in that ADAL cache. You get a token for a particular user by calling acquireToken and passing a userId.
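The three operations the answer describes (clear the token cache, clear the webView cookies, and prompt with AD_PROMPT_ALWAYS, then fetch a specific user's token by userId), written out as an added Objective-C example. This is not code from the answer or from the ADAL project; it targets the ADAL 1.x API the answer refers to (`authContext.tokenCacheStore`, the `acquireTokenWithResource:...` overload with a `promptBehavior:` and `userId:` parameter), and the umbrella header path, the authority/resource/clientId/redirectUri placeholders, the `ADALSignOutHelper` class name and the list of AAD login hosts used to narrow the cookie wipe are all assumptions. ADAL 2.x moved the cache into the keychain, so the cache-clearing call would differ there.

```objectivec
// Added example, not from the original answer or the ADAL project.
// Targets the ADAL 1.x Objective-C API the answer refers to.
#import <ADALiOS/ADALiOS.h>   // header path assumed for ADAL 1.x

// Placeholder values: replace with the app's own registration.
static NSString *const kAuthority   = @"https://login.windows.net/common";
static NSString *const kResource    = @"https://graph.windows.net";
static NSString *const kClientId    = @"00000000-0000-0000-0000-000000000000";
static NSString *const kRedirectUri = @"myapp://auth";

@interface ADALSignOutHelper : NSObject
@property (nonatomic, strong) ADAuthenticationContext *authContext;
@end

@implementation ADALSignOutHelper

- (instancetype)init {
    if ((self = [super init])) {
        ADAuthenticationError *error = nil;
        _authContext = [ADAuthenticationContext authenticationContextWithAuthority:kAuthority
                                                                              error:&error];
        if (!_authContext) { NSLog(@"ADAL init failed: %@", error); }
    }
    return self;
}

// Step 1 of both options: drop every cached token so acquireToken can no
// longer be satisfied silently from the app-side cache.
- (BOOL)clearTokenCache {
    ADAuthenticationError *error = nil;
    [self.authContext.tokenCacheStore removeAllWithError:&error];
    if (error) { NSLog(@"cache clear failed: %@", error); }
    return error == nil;
}

// The "nuclear option": remove the server's session cookie from the shared
// cookie jar UIWebView uses. hosts == nil wipes every cookie (what the answer
// describes); a host list limits the wipe to the AAD login hosts so unrelated
// cookies the app depends on survive. The host list itself is an assumption.
- (NSUInteger)clearCookiesForHosts:(NSArray<NSString *> *)hosts {
    NSHTTPCookieStorage *jar = [NSHTTPCookieStorage sharedHTTPCookieStorage];
    NSUInteger removed = 0;
    for (NSHTTPCookie *cookie in [jar.cookies copy]) {   // copy: we mutate the jar
        BOOL matches = (hosts == nil);
        for (NSString *host in hosts) {
            if ([cookie.domain hasSuffix:host]) { matches = YES; break; }
        }
        if (matches) { [jar deleteCookie:cookie]; removed++; }
    }
    return removed;
}

- (void)signOutCompletely {
    [self clearTokenCache];
    [self clearCookiesForHosts:@[@"login.windows.net", @"login.microsoftonline.com"]];
}

// The "subtle option" and the multi-user case: AD_PROMPT_ALWAYS makes AAD
// ignore its cookie and show a fresh prompt. The returned token is added to the
// cache next to any existing ones, so do NOT call clearTokenCache first when
// the already signed-in user should be kept. The cookie stays in place.
- (void)signInAnotherUserWithCompletion:(void (^)(NSString *userId, NSString *accessToken))completion {
    [self.authContext acquireTokenWithResource:kResource
                                      clientId:kClientId
                                   redirectUri:[NSURL URLWithString:kRedirectUri]
                                promptBehavior:AD_PROMPT_ALWAYS
                                        userId:nil
                          extraQueryParameters:nil
                               completionBlock:^(ADAuthenticationResult *result) {
        if (result.status != AD_SUCCEEDED) {
            NSLog(@"interactive sign-in failed: %@", result.error);
            completion(nil, nil);
            return;
        }
        NSString *userId = result.tokenCacheStoreItem.userInformation.userId;
        completion(userId, result.accessToken);
    }];
}

// Later: select one of the cached users by userId. AD_PROMPT_AUTO lets ADAL
// answer from the cache (or via refresh token) without showing any UI.
- (void)tokenForUser:(NSString *)userId completion:(void (^)(NSString *accessToken))completion {
    [self.authContext acquireTokenWithResource:kResource
                                      clientId:kClientId
                                   redirectUri:[NSURL URLWithString:kRedirectUri]
                                promptBehavior:AD_PROMPT_AUTO
                                        userId:userId
                          extraQueryParameters:nil
                               completionBlock:^(ADAuthenticationResult *result) {
        completion(result.status == AD_SUCCEEDED ? result.accessToken : nil);
    }];
}

@end
```

Two caveats when using this: `signOutCompletely` only removes cookies from the shared `NSHTTPCookieStorage`, which is the jar UIWebView reads, so it does nothing for a WKWebView-based ADAL build with its own cookie store; and after `signInAnotherUserWithCompletion:` the original AAD session cookie is still present, so a later `AD_PROMPT_AUTO` call with a userId that is no longer in the cache can be signed in silently by the server without the user seeing a prompt.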