Hey - that’s not the most usable solution though, as a non-persistent cookie will be removed on closing the browser, requiring a re-login if I close the tab/browser session.
Also, the cookie isn’t the issue here - as I mentioned, the cookie is removed with the /api/auth/logout call, the issue is that some other magic is logging the user back in without logging in if its within a time period of the logout.
For me, logout should mean logout, I don’t understand how this behaviour is useful or secure.
Hence needing this nuisance of needing to use the OIDC logout - suggesting something about the auth0-nextjs library is checking with Auth0 to see if the user is “logged in at the identity side” which needs to be something we can opt out of.