I would like to have all cookies related to a users session deleted upon logout, but it does not appear that the auth0-js sdk does this. Is there an easy way to accomplish this?
The SDK’s should only simplify the way the logout endpoint can be called by an application so this would likely be more related to the behavior of the endpoint that a specific SDK that surfaces a way to call that endpoint.
If the logout endpoint is executed in the context of a browser session that previously had an authenticated user session then that session is invalidated and the user will no longer be considered authenticated. However, achieving this requirement (logging out a user) does not strictly require that all cookies be removed.
In other words, calling logout will invalidate the user session if one existed before, but how that is accomplished is mostly an implementation detail. Can you clarify if you strictly require that no cookies exists after the logout is performed or are you simply experiencing issues with calling logout? As in, you call logout, but the user remains authenticated.
100% agree that the logout functionality should in some manner invalidate the users existing session. The reason I am asking is that we are experiencing issues (caused elsewhere) where users with invalidates cookies still present in their browser are unable to successfully login for various reasons (eg. Invalid JTI) which have typically been resolved by clearing the browsers cookies related to the users session.
I suppose that although logout the functionality is working as designed, does the Auth0.js sdk provide an easy way to delete all cookies related to it?
Thanks for clarifying, I’m afraid I’m unaware of any SDK/endpoint that would perform the equivalent of clearing all cookies for the service action as an end-user can perform within the browser itself. My recommendation would be to review the reported issues separately and see if there’s a different solution that would not require cookies being cleared. You should open a new topic with additional information about the issues and error messages; if you then post a link to it here I’m also happy to try to have a look.