User logout: the session needs to be cleared at the application session layer and the Auth0 session layer. When invalidating the session from the Auth0 side, the given API works with CLIENT_ID, which is at the application level, and I can’t see any option for sending the authentication token with the request.
How do we manage the logout of a particular user? How will Auth0 know which user needs to be logged out?
Hi @avinash.singh1,
The logout endpoint uses a session cookie to determine the user session that should be terminated.
Hope this helps!
Hello Dan, Thanks for your reply!
I can see the expired cookies in the response. Maybe it’s a very basic question, but when we call the logout endpoint, how does the API know which user needs to be logged out, as we are not passing any user-specific information in the logout API request? Is there any user reference in the response cookies?
The API uses the cookie in the request to identify which session to terminate.
In terms of Auth0 login pages (Classic/Universal) it’s fine and it may work, but in the case of “Machine to Machine” or “Regular Web Application”, how do we handle it? There are cookies coming from the web page/app, but I’m not sure which cookie we need to pass with the Auth0 request.
There is no user in a Machine to Machine transaction so we can ignore that flow.
A regular web app still has a session that can be invalidated. Are you using an SDK? You shouldn’t need to choose which cookies you are sending with a request. Most of our SDKs will handle logout for you.
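The two-layer logout discussed in this thread, as an added example that is not part of the original posts and is not Auth0 SDK code: the application destroys its own session, then redirects the browser to the Auth0 `/v2/logout` endpoint, and the browser attaches the Auth0 session cookie itself. The tenant domain, client ID, cookie name, session store and return URL allowlist are placeholders or hypothetical names.

```javascript
// Added example. Only the /v2/logout endpoint and its client_id / returnTo
// query parameters are Auth0's; every other name here is hypothetical.
const AUTH0_DOMAIN = "example-tenant.auth0.com"; // placeholder tenant domain
const CLIENT_ID = "YOUR_CLIENT_ID";              // placeholder client ID
const APP_COOKIE = "app_session";                // hypothetical app cookie name
const DEFAULT_RETURN_TO = "https://app.example.com/";
const ALLOWED_RETURN_TO = new Set([DEFAULT_RETURN_TO]);

// In-memory stand-in for the application's server-side session store
// (constructed sample data).
const sessions = new Map([["sid-123", { user: "constructed-user" }]]);

function parseCookies(header = "") {
  const out = {};
  for (const part of header.split(";")) {
    const i = part.indexOf("=");
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// Builds the response the application sends for its own GET /logout route.
function handleLogout(requestHeaders, returnTo) {
  // 1. Application session layer: destroy the server-side session that the
  //    application's own cookie points to.
  const sid = parseCookies(requestHeaders.cookie)[APP_COOKIE];
  if (sid) sessions.delete(sid);

  // 2. Accept only return URLs the application itself lists, so the logout
  //    route cannot be used as an open redirect.
  const target = ALLOWED_RETURN_TO.has(returnTo) ? returnTo : DEFAULT_RETURN_TO;

  // 3. Auth0 session layer: redirect the *browser* to /v2/logout. The server
  //    forwards no cookie and no token; the browser sends the cookie it holds
  //    for the Auth0 domain, which is how the session is identified.
  const url = new URL(`https://${AUTH0_DOMAIN}/v2/logout`);
  url.searchParams.set("client_id", CLIENT_ID);
  url.searchParams.set("returnTo", target);

  return {
    status: 302,
    headers: {
      Location: url.toString(),
      // Expire the application's own cookie in the same response.
      "Set-Cookie": `${APP_COOKIE}=; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax`,
    },
  };
}
```

A server-to-server call to the same URL would carry no Auth0 session cookie, so it would have no session to end; the request has to come from the user's browser.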