I want to log a user out of my web app when they close the browser. A colleague suggested that I listen for a browser close event and then clean the session cookie when the event is detected. However, I’m concerned that clearing the cookie without calling the logout endpoint could potentially lead to problems. Is this a valid concern?
Hi @rhysa
Welcome to the Auth0 Community!
The clearing of session cookies is a part of the logout process, so in general, it’s a rule of thumb to always log out users. Auth0 manages users’ sessions on both the user and central levels. Deleting session cookies can lead to inconsistent states between user devices. Instead of deleting a session, it’s better to, for example, set a shorter session timeout.
Thanks
Dawid
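The inconsistency described in the answer above, as an added example that is not part of the original thread and is not Auth0's implementation: a constructed in-memory model showing that clearing only the browser cookie leaves the server-side session valid until a logout call or the idle timeout removes it. `SessionStore`, its methods, the session ids and the 15-minute timeout are all hypothetical.

```javascript
// Constructed model, not Auth0 code: a server-side session store with an idle timeout.
class SessionStore {
  constructor(idleTimeoutMs) {
    this.idleTimeoutMs = idleTimeoutMs;
    this.sessions = new Map(); // sessionId -> { user, lastSeen }
    this.nextId = 1;
  }
  login(user, now) {
    // Sequential ids keep the demo deterministic; a real server uses a CSPRNG.
    const id = `sess-${this.nextId++}`;
    this.sessions.set(id, { user, lastSeen: now });
    return id; // value the server would set in the session cookie
  }
  // Returns the user if the server still honours this session id, else null.
  validate(id, now) {
    const s = this.sessions.get(id);
    if (!s) return null;
    if (now - s.lastSeen > this.idleTimeoutMs) {
      this.sessions.delete(id); // idle timeout: server drops the session itself
      return null;
    }
    s.lastSeen = now;
    return s.user;
  }
  logout(id) {
    return this.sessions.delete(id); // what a logout endpoint does server-side
  }
}

function compareStrategies() {
  const IDLE_MS = 15 * 60 * 1000; // hypothetical 15-minute idle timeout
  const store = new SessionStore(IDLE_MS);

  // 1. Browser close handler only clears the cookie; the server is never told.
  const browser = { cookie: store.login('alice', 0) };
  const issuedId = browser.cookie;
  browser.cookie = null;
  const cookieClearedOnly = store.validate(issuedId, 60_000) !== null;

  // 2. Same session with no further activity: the idle timeout ends it.
  const afterIdleTimeout = store.validate(issuedId, 60_000 + IDLE_MS + 1) !== null;

  // 3. Logout endpoint called: the session is gone immediately.
  const bobId = store.login('bob', 0);
  store.logout(bobId);
  const afterLogoutEndpoint = store.validate(bobId, 1_000) !== null;

  return { cookieClearedOnly, afterIdleTimeout, afterLogoutEndpoint };
}
```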