Auth0 Logout Not Fully Clearing Session on Azure Static Web Apps

dato.bobokhia · March 3, 2025, 12:09pm

I’m experiencing an issue where logging out from Auth0 works locally but fails on Azure Static Web Apps. Even after calling /api/auth/logout, the session remains active, and Auth0 cookies (appSession, auth_verification) are restored.

What I Have Tried:

Ensured the Auth0 logout URL is correctly set in the Auth0 dashboard.
Used /api/auth/logout instead of a direct redirect to Auth0’s logout URL.
Tried clearing cookies manually (client-side and server-side) but appSession persists.
Called /.auth/logout before redirecting to /api/auth/logout. However, a cors error occurs when making this request.
Disabled caching using Cache-Control: no-store, no-cache, must-revalidate.
Tested in Incognito mode to rule out local caching.

Observations:

Deleting cookies manually via the browser instantly logs out the user, but doing so via code does not work.
Azure appears to be restoring the session cookies after logout.

Questions:

Is there a way to prevent Azure from persisting authentication cookies?
How can we fully clear the Auth0 session when logging out on Azure Static Web Apps?

vlad.murarasu · March 3, 2025, 8:54pm

Hi @dato.bobokhia,

Welcome to the Auth0 Community.

I found this issue on the Static Web App Github repo with this comment saying logouts from custom IdPs are not supported:

github.com/Azure/static-web-apps

How to properly make my SWA logout from a custom identity provider?

opened 10:10PM - 01 Oct 21 UTC

brenoalvs

I saw this similar issue and I think this is a bug. https://github.com/Azure/st…atic-web-apps/issues/529 But I would like to understand better if this is something that will be fixed or do we really need to make the "reverse flow" to make it work. (Logout from IdP redirecting to app logout url). **Describe the bug** The app does not completely logs out when we visit the /logout url with a custom identity provider configured. **To Reproduce** Steps to reproduce the behavior: 1. Setup a custom identity provider 2. Login into the app 3. Then logout 4. The SWA app will be logged out but not the custom provider. 5. If you visit any url that requires authentication the app logs you in without requesting for credentials again. **Expected behavior** Logout from the SWA and from the custom identity provider.

This thread has some fixes that could work for your case.

If you have any other questions feel free to ask us.

Have a good one,
Vlad

system · March 17, 2025, 8:55pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
V2/logout not clearing auth0 session cookies new issue Get Help	3	2410	May 25, 2022
V2/logout not clearing auth0 session cookies Get Help logout , auth0 , cookie	8	9045	April 1, 2025
Disable SSO Session/Cookie entirely Get Help auth0 , sso , session , cookie	5	10708	August 27, 2019
Redirecting to the auth0 logout endpoint shows Successful Logout but the auth0 session remains logged in Get Help logout , sessions	5	25	April 5, 2025
Clear cookies upon logout Get Help classic-universal-login-experience , login-experience	4	3430	January 23, 2023

Auth0 Logout Not Fully Clearing Session on Azure Static Web Apps

Related topics