How to force login page in Go?

I’ve followed the Go SDK quickstart here: Auth0 Go SDK Quickstarts: Add Login to your Go web application

And I have an app with working auth.

The problem is I need to force the user to go back through the login process after the auth-session cookie expires.

This is what I have in my isAuthenticated middleware:

profile, ok := session.Values["profile"].(map[string]interface{})
if !ok {
	http.Redirect(w, r, "/login/", http.StatusTemporaryRedirect)
} else { ...

This triggers when the cookie expires, but the redirect to the login page fails with a cors error.

And if I just manually enter the address in the address bar the app goes back through the auth process and loads like normal.

So the cookie expiration has no effect on a manual page load.

If I change the middleware to redirect to /logout/ on !ok the browser tries to go to the Auth0 hosted login but doesn’t load.

It fails with an error saying the page was redirected too many times.

What am I missing?

How do I fix this?

Just adding some context.

I resolved the CORS issue for now. I was using HTMX to do the redirect which was causing the issue.

Doing plain HTML redirects fixes the CORS issue.

But this still doesn’t work correctly.

Redirecting to /login for an expired token doesn’t bring up the login page.

It just automatically logs the user back in.

I’ve verified this in the network tab of my browser.

It redirects to /login.

Then to the Auth0 hosted login page.

Then to my callback url.

Then back to the app.

I’m using the same logic and login flow as the Go SDK quickstart.

How do I fix this?