Invalidate SSO cookies

I wanted to follow up on this front @flle as two alternative solutions were brought up to me which don’t require us to disable the SSO flag on your tenants.

  1. You could also leverage the /logout endpoint and/or have the app clear the local_storage cookie relevant to your application. All /authorize requests could be passed with prompt=login. No local cookie after logout means no Auth0 session will be honored on the authentication server.
    Logout

  2. Leverage a rule as previously mentioned by one of our engineers here:

Both of these solutions enable us to leave your SSO enabled just in case you want to use it at a later time vs. disabling it altogether. Please give this a look and let me know how you would like to proceed forward. Thank you.

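As an added example (not part of the original post and not Auth0's own code), the first option could look like this in the client application. The domain, client ID, storage prefix and function names are assumptions, and the logout endpoint is addressed at Auth0's `/v2/logout` path.

```javascript
// Placeholders and names below are assumptions, not values from the post.
const AUTH0_DOMAIN = "tenant.example.auth0.com";
const CLIENT_ID = "CLIENT_ID_PLACEHOLDER";
const STORAGE_PREFIX = "myapp.auth."; // hypothetical prefix for this app's keys

// Every /authorize request carries prompt=login, so credentials are asked for
// even when an SSO session cookie still exists on the authorization server.
function buildAuthorizeUrl({ redirectUri, state, scope = "openid profile" }) {
  if (!state) throw new Error("state is required (random, per request)");
  const url = new URL(`https://${AUTH0_DOMAIN}/authorize`);
  url.search = new URLSearchParams({
    response_type: "code",
    client_id: CLIENT_ID,
    redirect_uri: redirectUri,
    scope,
    state,
    prompt: "login",
  }).toString();
  return url.toString();
}

// Remove only this application's entries; collect keys first because
// removing items while iterating shifts the Storage indices.
function clearLocalAuthState(storage) {
  const keys = [];
  for (let i = 0; i < storage.length; i++) {
    const k = storage.key(i);
    if (k !== null && k.startsWith(STORAGE_PREFIX)) keys.push(k);
  }
  keys.forEach((k) => storage.removeItem(k));
  return keys;
}

// Clear local state, then return the logout URL the browser should navigate to
// so the server-side session is ended as well.
function logout(storage, returnTo) {
  const removed = clearLocalAuthState(storage);
  const url = new URL(`https://${AUTH0_DOMAIN}/v2/logout`);
  url.search = new URLSearchParams({ client_id: CLIENT_ID, returnTo }).toString();
  return { removed, logoutUrl: url.toString() };
}
```

In a browser, pass `window.localStorage` to `logout` and assign the returned `logoutUrl` to `window.location`.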