Auth0 Logout Not Fully Clearing Session on Azure Static Web Apps

dato.bobokhia · March 3, 2025, 12:09pm

I’m experiencing an issue where logging out from Auth0 works locally but fails on Azure Static Web Apps. Even after calling /api/auth/logout, the session remains active, and Auth0 cookies (appSession, auth_verification) are restored.

What I Have Tried:

Ensured the Auth0 logout URL is correctly set in the Auth0 dashboard.
Used /api/auth/logout instead of a direct redirect to Auth0’s logout URL.
Tried clearing cookies manually (client-side and server-side) but appSession persists.
Called /.auth/logout before redirecting to /api/auth/logout. However, a cors error occurs when making this request.
Disabled caching using Cache-Control: no-store, no-cache, must-revalidate.
Tested in Incognito mode to rule out local caching.

Observations:

Deleting cookies manually via the browser instantly logs out the user, but doing so via code does not work.
Azure appears to be restoring the session cookies after logout.

Questions:

Is there a way to prevent Azure from persisting authentication cookies?
How can we fully clear the Auth0 session when logging out on Azure Static Web Apps?

vlad.murarasu · March 3, 2025, 8:54pm

Hi @dato.bobokhia,

Welcome to the Auth0 Community.

I found this issue on the Static Web App Github repo with this comment saying logouts from custom IdPs are not supported:

github.com/Azure/static-web-apps

How to properly make my SWA logout from a custom identity provider?

opened 10:10PM - 01 Oct 21 UTC

brenoalvs

I saw this similar issue and I think this is a bug. https://github.com/Azure/st…atic-web-apps/issues/529 But I would like to understand better if this is something that will be fixed or do we really need to make the "reverse flow" to make it work. (Logout from IdP redirecting to app logout url). **Describe the bug** The app does not completely logs out when we visit the /logout url with a custom identity provider configured. **To Reproduce** Steps to reproduce the behavior: 1. Setup a custom identity provider 2. Login into the app 3. Then logout 4. The SWA app will be logged out but not the custom provider. 5. If you visit any url that requires authentication the app logs you in without requesting for credentials again. **Expected behavior** Logout from the SWA and from the custom identity provider.

This thread has some fixes that could work for your case.

If you have any other questions feel free to ask us.

Have a good one,
Vlad

Topic		Replies	Views
V2/logout not clearing auth0 session cookies new issue Get Help	3	2378	May 25, 2022
V2/logout not clearing auth0 session cookies Get Help logout , auth0 , cookie	6	8883	July 25, 2024
Disable SSO Session/Cookie entirely Get Help auth0 , sso , session , cookie	5	10680	August 27, 2019
Clear cookies upon logout Get Help classic-universal-login-experience , login-experience	4	3284	January 23, 2023
Nextjs Auth0 Logout and auto sign in Get Help logout , sessions	2	719	May 17, 2024

Auth0 Logout Not Fully Clearing Session on Azure Static Web Apps

Related topics