I’ve followed the Go SDK quickstart here: Auth0 Go SDK Quickstarts: Add Login to your Go web application
And I have an app with working auth.
The problem is the quickstart assumes there will be unauthenticated routes to redirect to.
And it doesn’t show how to log the user out after the auth session cookie expires.
I need to force the user to go back through the login process in the `isAuthenticated.go` file in this function:
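```go
// IsAuthenticated is a gin middleware that lets the request through only
// when the session holds a user profile.
func IsAuthenticated(ctx *gin.Context) {
	if sessions.Default(ctx).Get("profile") == nil {
		ctx.Redirect(http.StatusSeeOther, "/")
		// Abort so the protected handler does not run after the redirect is written.
		ctx.Abort()
	} else {
		ctx.Next()
	}
}
```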
So instead of `ctx.Redirect(http.StatusSeeOther, "/")` I need them to log back in. I currently have this function redirecting them to ‘/login’.
This works in a new browser session with no auth session cookie.
But it breaks if they’ve already logged in and then the auth session cookie expires.
In that case redirecting them to `/login` doesn’t force the login page. It just sends them back to the app as if they had already successfully logged in.
So it’s essentially a permanent session.
So far nothing I have tried has worked.
Redirecting them to ‘/login’ and redirecting them to ‘/logout’ don’t work.
Is this documented somewhere?
What am I missing?
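
Added example, not part of the original post or the Auth0 quickstart: assuming the silent re-login comes from a session that is still valid at the authorization server, the OIDC request parameters `prompt=login` and `max_age=0` ask it to show the login page again, and the `auth_time` claim lets the callback confirm that it did. The domain, client ID, callback URL and both helper names are placeholders made up for this example; only the standard library is used, so the URL is built by hand instead of through the quickstart's OAuth2 client.

```go
package main

import (
	"fmt"
	"net/url"
	"time"
)

// Placeholder settings (constructed); use your own tenant's values.
const (
	exampleDomain   = "tenant.example.com"
	exampleClientID = "CLIENT_ID_PLACEHOLDER"
	exampleCallback = "http://localhost:3000/callback"
)

// authorizeURL (hypothetical helper) builds the authorization request that a
// /login handler redirects to. forceLogin adds the OIDC parameters
// prompt=login and max_age=0, asking the authorization server to show its
// login page even when its own session cookie is still valid.
func authorizeURL(domain, clientID, callback, state string, forceLogin bool) string {
	q := url.Values{}
	q.Set("response_type", "code")
	q.Set("client_id", clientID)
	q.Set("redirect_uri", callback)
	q.Set("scope", "openid profile")
	q.Set("state", state)
	if forceLogin {
		q.Set("prompt", "login")
		q.Set("max_age", "0")
	}
	u := url.URL{Scheme: "https", Host: domain, Path: "/authorize", RawQuery: q.Encode()}
	return u.String()
}

// reauthenticated (hypothetical helper) is the callback-side check. A user can
// strip prompt=login from the URL, so compare the ID token's auth_time claim
// (Unix seconds) with the time the login request was issued.
func reauthenticated(authTime int64, requestedAt time.Time, skew time.Duration) bool {
	return !time.Unix(authTime, 0).Before(requestedAt.Add(-skew))
}

func main() {
	fmt.Println(authorizeURL(exampleDomain, exampleClientID, exampleCallback, "constructed-state", true))
}
```

The request time passed to `reauthenticated` would be stored in the app session next to `state` when the redirect is issued, and read back in the callback after the ID token has been verified.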