I’m experiencing an issue where logging out from Auth0 works locally but fails on Azure Static Web Apps. Even after calling /api/auth/logout, the session remains active, and Auth0 cookies (appSession, auth_verification) are restored.
What I Have Tried:
Ensured the Auth0 logout URL is correctly set in the Auth0 dashboard. Used /api/auth/logout instead of a direct redirect to Auth0’s logout URL. Tried clearing cookies manually (client-side and server-side) but appSession persists. Called /.auth/logout before redirecting to /api/auth/logout. However, a cors error occurs when making this request. Disabled caching using Cache-Control: no-store, no-cache, must-revalidate. Tested in Incognito mode to rule out local caching.
Observations:
Deleting cookies manually via the browser instantly logs out the user, but doing so via code does not work.
Azure appears to be restoring the session cookies after logout.
Questions:
Is there a way to prevent Azure from persisting authentication cookies?
How can we fully clear the Auth0 session when logging out on Azure Static Web Apps?