Hi,
Currently, in our SPA we use auth0-js@9.8 as an authentication and authorization provider. In the Auth0 dashboard we have 2 configured tenants:
- prod
- staging
When users try to log in on prod, Auth0 cookies are created (com.auth0.* and ci%2F*) and are not cleaned up immediately (cookie cleanup should work by default according to the docs). After a few logins from different accounts we end up with cookie pollution (https://i.imgur.com/oVJGMZm.png), which eventually leads to login failure (after a login failure you should clean the cookies in the browser by hand to fix the auth process).
We added a cookie-cleaner function to our app, which is invoked on logout, but it didn’t work, because on prod the Auth0 cookies have HttpOnly status. Speaking of staging, the behavior is different. The Auth0 cookies don’t have HttpOnly status, so we can manually clean them.
For both prod and staging the code is the same; the only difference is in the config object (authClientId and authDomain).
The actual auth logic of our app is listed in this file: Auth code ($2033297) · Snippets · Snippets · GitLab
Any idea what the problem is?
Thanks,
Dor
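
What the HttpOnly difference between the two tenants means for a script-side cleaner, as an added example that is not part of the original post: it parses `Set-Cookie` headers and separates the cookies `document.cookie` can expire from the ones it cannot touch. The header lines and the names `parseSetCookie` and `planCleanup` are constructed for illustration, and a missing `Path` is assumed to be `/`.

```javascript
// Constructed sample Set-Cookie headers (not captured from a real tenant).
const SAMPLE_SET_COOKIE = [
  'com.auth0.auth.state1=abc; Path=/; Secure; HttpOnly',
  'ci%2Fexample=1; Path=/; Secure',
  'theme=dark; Path=/',
];

// Parse one Set-Cookie header into its name and the attributes that matter here.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  // Assumption: Path defaults to "/" when the header does not set one.
  const cookie = { name: pair.slice(0, eq), path: '/', domain: null, httpOnly: false };
  for (const attr of attrs) {
    const [k, v = ''] = attr.split('=');
    const key = k.toLowerCase();
    if (key === 'httponly') cookie.httpOnly = true;
    else if (key === 'path' && v) cookie.path = v;
    else if (key === 'domain' && v) cookie.domain = v.replace(/^\./, '');
  }
  return cookie;
}

// Split cookies matching the given name prefixes into those a page script
// can expire and those only an HTTP response can clear.
function planCleanup(headers, prefixes) {
  const plan = { scriptClearable: [], serverOnly: [] };
  for (const c of headers.map(parseSetCookie)) {
    if (!prefixes.some((p) => c.name.startsWith(p))) continue;
    if (c.httpOnly) {
      // RFC 6265 section 5.3: a write from a non-HTTP API (document.cookie)
      // is ignored when the stored cookie has the HttpOnly flag.
      plan.serverOnly.push(c.name);
    } else {
      // Path and Domain must match the stored cookie or the delete is a no-op.
      const domain = c.domain ? `; Domain=${c.domain}` : '';
      plan.scriptClearable.push(
        `${c.name}=; Path=${c.path}${domain}; Expires=Thu, 01 Jan 1970 00:00:00 GMT`);
    }
  }
  return plan;
}

console.log(planCleanup(SAMPLE_SET_COOKIE, ['com.auth0.', 'ci%2F']));
```

Each string in `scriptClearable` is what a logout handler would assign to `document.cookie`; names in `serverOnly` can only be cleared by a `Set-Cookie` response from the origin that owns them.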