Auth0 Home Blog Docs

Clear the SSO cookie in Auth0 when .NET Cookie Expires

sso
timeout
mvc
owin
cookie

#1

We are using ASP.NET (OWIN) integration in our MVC application.
When our Asp.net cookie expires, we are correctly redirected to the login which provides the Auth0 login, however because the Auth0 SSO cookie is still valid, the user can just click the account link and be logged back in.
How can we log the user out of Auth0 (SSO cookie) when our cookie ExpireTimeSpan expires? Can we set the timeout for the Auth0 SSO cookie somehow?
Thanks!


#2

I found a way to make it work.

I added a new Action (LogoutLogin) to the Account controller that logs the user out of Auth0 then redirects to the login action, then I modified my CookieAuthenticationOptions.LoginPath to point to the LogoutLogin action.

When the .NET cookie expires, the user is redirected to LogoutLogin, which logs them out of Auth0, then they are directed to the Login action and are asked to re-enter their credentials.


#3