I can’t find any document about this behavior
Hi @dieunguyen.lttn,
Welcome back on the Auth0 Community !
Yes, this is the normal behavior when integrating Auth0 for your application because sessions in Auth0 are cookie based, so once the logout button is pressed the session cookie will get invalidated, but it will not affect other browsers. This has to be handled manually in your application and there are 2 session layers that worth paying attention to, as mentioned in our documentation as well:
- Application Session Layer: The first layer is the session inside your application. Though your application uses Auth0 to authenticate users, you’ll still need to track that the user has logged in to your application. In a regular web application, you achieve this by storing information inside a cookie. Log users out of your applications by clearing their sessions. You should handle the application session in your application.
- Auth0 Session Layer: Auth0 also maintains a session for the user and stores their information inside a cookie. The next time a user is redirected to the Auth0 Lock screen, the user’s information will be remembered. Log users out of Auth0 by clearing the Single Sign-on (SSO) cookie.
You can also check out this community post and the articles within.
Thanks for posting your question and I hope this helped,
Remus
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.