Express-openid-connect isAuthenticated not working properly when logout

Hi @rafael4

Thank you for posting your inquiry on the Auth0 Community!

I believe that your application does not delete the user cookies upon logout even after all the parameters have been set correctly according to our OIDC logout documentation.

You can attempt to delete all the user cookies as a potential workaround as follows:

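```javascript
/* LOGOUT ROUTER */
router.get('/logout', (req, res) => {
  // Auth0 logout endpoint; returnTo must be one of the Allowed Logout URLs
  const logoutUrl = 'https://<myapp>.auth0.com/v2/logout?client_id=<clientId>&returnTo=http://localhost:3000/';
  req.logout();
  if (req.session) {
    // Destroy the local application session, then log out at Auth0
    req.session.destroy(function (err) {
      if (err) {
        console.log(err);
      }
      console.log("Destroyed the user session on Auth0 endpoint");
      res.redirect(logoutUrl);
    });
  } else {
    // No session to destroy: still redirect so the request does not hang
    res.redirect(logoutUrl);
  }
});
```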

Please keep in mind that the returnTo address is also under the Allowed Logout URLs.

You can read more about terminating a user’s session for OIDC in this Knowledge Article.
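
The workaround described in the answer above, as an added example that is not part of the original post or of Auth0's code: it expires every cookie the browser sent and then redirects to the `/v2/logout` endpoint with an encoded `returnTo`. The function names, the `myapp.example` domain, the client id and the local allow-list are placeholders and assumptions; cookies are assumed to have been set with `Path=/` and no `Domain` attribute.

```javascript
// Added example; all names and values here are hypothetical placeholders.
const AUTH0_DOMAIN = 'myapp.example';        // stands in for <myapp>.auth0.com
const CLIENT_ID = 'CLIENT_ID_PLACEHOLDER';   // stands in for <clientId>
// Local mirror of the tenant's "Allowed Logout URLs" setting (assumption).
const ALLOWED_RETURN_TO = ['http://localhost:3000/'];

// Build one expiring Set-Cookie value per cookie name in the Cookie header.
// A browser only drops a cookie when Path/Domain match how it was set.
function expireCookies(cookieHeader) {
  const names = (cookieHeader || '')
    .split(';')
    .map((pair) => pair.split('=')[0].trim())
    .filter((name) => name.length > 0);
  return [...new Set(names)].map(
    (name) => `${name}=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT`
  );
}

// Build the logout URL, refusing any returnTo that is not allow-listed.
function buildLogoutUrl(returnTo) {
  if (!ALLOWED_RETURN_TO.includes(returnTo)) {
    throw new Error(`returnTo is not an allowed logout URL: ${returnTo}`);
  }
  const url = new URL(`https://${AUTH0_DOMAIN}/v2/logout`);
  url.searchParams.set('client_id', CLIENT_ID);
  url.searchParams.set('returnTo', returnTo); // percent-encoded by URLSearchParams
  return url.toString();
}

// Express-style handler: destroy the server session if present, expire the
// cookies, then send the browser to the identity provider's logout endpoint.
function handleLogout(req, res) {
  const finish = () => {
    res.setHeader('Set-Cookie', expireCookies(req.headers.cookie));
    res.redirect(buildLogoutUrl(ALLOWED_RETURN_TO[0]));
  };
  if (req.session) {
    req.session.destroy((err) => {
      if (err) console.error(err);
      finish();
    });
  } else {
    finish();
  }
}
```
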