Hi, I have a client that uses Auth0 for 3 of their sites. When a user logs out of one of the sites and then signs back in, it automatically signs them in and does not ask for credentials. Is there a way to completely clear their cookies so once they log out and then click the sign in button they aren’t already authorized? Our client has users that share computers, so this is a big issue when user #2 is automatically signed into user #1’s account.
The /logout endpoint will clear the session and the subsequent login requests should require new credentials.
Can you determine if your users are hitting that endpoint when they are logging out?
Hi, we had previously implemented the logout endpoint in our logout method; however, it was still logging them in without asking for new credentials. I had found in the API docs that the logout API just invalidates the Single Sign-on (SSO) cookie in Auth0 but the cookie still remains in the browser. I’m assuming that is why it’s still signing them back in?
Could you please DM me a HAR file of the transaction you are describing?
i.e. Login with Credentials → Logout (with /logout endpoint) → Silent Login
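An added example, not part of any post in this thread: a small Python check that reads a HAR capture of the Login → Logout → Silent Login transaction and reports whether the browser actually reached the tenant's logout endpoint and whether a later `/authorize` request was answered with a code and no credential prompt. The host names, the `/v2/logout` and `/u/login` paths, and the query-string `code` response are assumptions for illustration, and the sample HAR is constructed.

```python
from urllib.parse import urlsplit, parse_qs

def _header(message, name):
    """Return the first header value with this name (case-insensitive), or ''."""
    for h in message.get("headers", []):
        if h["name"].lower() == name.lower():
            return h["value"]
    return ""

def analyze_har(har, tenant_host):
    """Check a HAR capture for a tenant logout followed by a silent login."""
    result = {"tenant_logout_seen": False, "silent_login_after_logout": False}
    # Assumption: startedDateTime values share one ISO 8601 format, so they sort as text.
    entries = sorted(har["log"]["entries"], key=lambda e: e["startedDateTime"])
    for entry in entries:
        url = urlsplit(entry["request"]["url"])
        if url.hostname != tenant_host:
            continue  # the application's own /logout route does not count
        path = url.path.rstrip("/")
        if path.endswith("/logout"):
            result["tenant_logout_seen"] = True
        elif path == "/authorize" and result["tenant_logout_seen"]:
            # A redirect that already carries ?code= means no credential prompt was shown.
            location = _header(entry["response"], "Location")
            if "code" in parse_qs(urlsplit(location).query):
                result["silent_login_after_logout"] = True
    return result

def _entry(time, url, location):
    """Build one constructed HAR entry (only the fields analyze_har reads)."""
    return {"startedDateTime": time, "request": {"url": url},
            "response": {"status": 302, "headers": [{"name": "Location", "value": location}]}}

# Constructed sample: login with credentials -> logout -> silent login.
TENANT = "login.example.test"
SAMPLE_HAR = {"log": {"entries": [
    _entry("2024-01-01T10:00:00Z", f"https://{TENANT}/authorize?client_id=app",
           f"https://{TENANT}/u/login?state=abc"),
    _entry("2024-01-01T10:00:20Z", f"https://{TENANT}/v2/logout?client_id=app",
           "https://app.example.test/"),
    _entry("2024-01-01T10:00:30Z", f"https://{TENANT}/authorize?client_id=app",
           "https://app.example.test/callback?code=xyz&state=def"),
]}}

if __name__ == "__main__":
    print(analyze_har(SAMPLE_HAR, TENANT))
```

If `tenant_logout_seen` comes back `False`, the application only ended its own session and the browser never visited the identity provider's logout URL.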