Just a quick question regarding the session/cookie Auth0 keeps when using SSO.
Is it possible to disable it entirely? I know you can clear it by redirecting your users to the logout page, but this will not do for me.
A bit of context to understand why I need this.
The application I’m working on is a multi-tenanted app, meaning if you’d be able to go to https://myapp.com/myTenant you should not be able to go to https://myapp.com/yourTenant
Now when a user logs in in Auth0 successfully (we’re working with a different connection per tenant to make sure a user only successfully authenticates with the correct tenant) a cookie will be set. If a user now tries to log in in a different tenant, Auth0 will find a cookie and authenticate the user even though it’s a different connection this time.
What I’ve tried:
- Adding prompt=login to the login URL, this is however unreliable (also not a good UX, don’t want the user to be logged out in their IdP, just in Auth0)
- Logging the user out in Auth0 after logging in in our app (I know, right) but that created issues with the allowed redirect URL because we have redirect URLs after login (for example go directly to a specific page based on whatever variable after login), and I can’t possibly white-list all those 100+ in the Auth0 dashboard
- Decreasing the session timeout to the lowest value (apparently 1 minute) but this is still enough time to get authenticated for the wrong tenant.
Sorry for my rambling. Is my issue clear?
Let me know if I need to provide more info.
Thanks in advance!