Hi there,
I followed
[1] auth0-golang-web-app/logout.go at master · auth0-samples/auth0-golang-web-app · GitHub
in my own code here: go-web-dynamo-auth0-starter/logout.go at main · kaihendry/go-web-dynamo-auth0-starter · GitHub
However it doesn’t appear to log out, i.e. clear the session-name. IIUC the session should be deleted but I don’t see it in your code [1] …
What am I missing please? 
Hi @hendry,
Hitting the logout endpoint will invalidate the SSO cookie on the Auth0 server. That is what is happening in that function.
Does that answer your question? Otherwise, please add some detail and I would be happy to address it. Thanks!
But the app’s session cookie is still present in this code logout sample. Surely the idea with log out is that auth0 SSO cookie is removed along with the App’s?
It appears that the method only addresses the Auth0 Session Layer.
In our quickstart example, there is some JS that removes the cookie client-side:
Although it sounds like you are wondering if it’s necessary to delete the app cookie on the server, no?
Thank you for the follow up!
I thought it might be more logical to delete the cookie from the server instead of client side.
Sorry, I’m a bit of newbie, but I thought the idea with JWT is that it’s all handled server side (not browser), via httpOnly. I’m also just puzzled how the refresh cycle works.
(ins)[hendry@t14s tmp]$ git clone git@github.com:auth0-samples/auth0-golang-web-app.git
Cloning into 'auth0-golang-web-app'...
remote: Enumerating objects: 500, done.
remote: Counting objects: 100% (87/87), done.
remote: Compressing objects: 100% (53/53), done.
remote: Total 500 (delta 56), reused 34 (delta 34), pack-reused 413
Receiving objects: 100% (500/500), 117.06 KiB | 261.00 KiB/s, done.
Resolving deltas: 100% (221/221), done.
(ins)[hendry@t14s tmp]$ cd auth0-golang-web-app/
(ins)[hendry@t14s auth0-golang-web-app]$ rg refresh
(ins)[hendry@t14s auth0-golang-web-app]$