Hello all, I'll just start by saying I have read other posts on this forum about this subject and none of them help (I have also read the docs and there is nothing pointing me to a solution on there).
I am dealing with very sensitive data and for this reason, when the browser or tab is closed, users should be logged out of both my application and not be able to call my APIs. I am using nextjs-auth0 with default settings.
As far as I can tell (from looking at the library's code), the /api/auth/logout endpoint will clear the Application Session Layer. However, because I am unable to clear the Auth0 Session Layer, when the user opens the browser and visits the website again the Auth0 tenant still thinks the user is logged in and will just set the cookie from what I now consider to be the last session that should have ended (I tested this by deleting the cookie from the browser and refreshing the page).
I use a JavaScript event to detect when the browser closes and tried using fetch to programmatically send a request to the logout URL “https://YOUR_DOMAIN/v2/logout” in order to log the user out of Auth0; however, this does not work.
Has anyone got any ideas how my use case can be implemented (without using short-lived tokens, as this does not solve my issue)?