Login cookies aren't deleted in logout - auth0-js@9.8


Currently, in our SPA we use auth0-js@9.8 as an authentication and authorization provider. In the Auth0 dashboard we have 2 configured tenants:

  1. prod
  2. staging

When users try to log in on prod, auth0 cookies are created (com.auth0.* and ci%2F*) and are not cleaned immediately (cookie cleanup should work by default according to the docs). After a few logins from different accounts we end up with cookie pollution - https://i.imgur.com/oVJGMZm.png, which eventually leads to login failure (after a login failure you have to clean the cookies in the browser by hand to fix the auth process).

We added a cookie-cleaner function to our app, which is invoked on logout, but it didn't work, because on prod the auth0 cookies have HttpOnly status. On staging the behavior is different: the auth0 cookies don't have HttpOnly status, so we can clean them manually.

For both prod and staging the code is the same; the only difference is in the config object (authClientId and authDomain).
Actual auth logic of our app is listed in this file - https://gitlab.com/-/snippets/2033297

Any idea what’s the problem?


Can someone help us with this, please? It has become urgent for us.
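
A diagnostic sketch for the prod/staging difference described above, added here as an example (it is not from the original post, the linked snippet, or auth0-js). It takes `Set-Cookie` headers copied from the browser's network tab and separates the cookies a logout-time cleaner can expire from script from those marked HttpOnly, which only the issuing server can expire. The function names and sample headers are constructed; only the `com.auth0.` and `ci%2F` name prefixes come from the post.

```javascript
// Name prefixes taken from the post; everything else here is an assumption.
const AUTH0_PREFIXES = ["com.auth0.", "ci%2F"];

// Parse one Set-Cookie header value into the fields that matter for deletion.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: eq === -1 ? pair : pair.slice(0, eq), httpOnly: false, path: null, domain: null };
  for (const attr of attrs) {
    const i = attr.indexOf("=");
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    const value = i === -1 ? "" : attr.slice(i + 1);
    if (key === "httponly") cookie.httpOnly = true;
    else if (key === "path") cookie.path = value;
    else if (key === "domain") cookie.domain = value.replace(/^\./, "");
  }
  return cookie;
}

// Build a cleanup plan: strings to assign to document.cookie, plus the names
// that page script cannot touch because they carry HttpOnly.
function planCleanup(setCookieHeaders) {
  const plan = { scriptDeletable: [], serverOnly: [] };
  for (const header of setCookieHeaders) {
    const c = parseSetCookie(header);
    if (!AUTH0_PREFIXES.some((p) => c.name.startsWith(p))) continue;
    if (c.httpOnly) {
      plan.serverOnly.push(c.name); // invisible to document.cookie
      continue;
    }
    // Expiry only takes effect when Path and Domain match the original cookie.
    let expiry = `${c.name}=; expires=Thu, 01 Jan 1970 00:00:00 GMT`;
    if (c.path) expiry += `; path=${c.path}`;
    if (c.domain) expiry += `; domain=${c.domain}`;
    plan.scriptDeletable.push(expiry);
  }
  return plan;
}

// Constructed sample headers (not captured from a real tenant).
const SAMPLE_HEADERS = [
  "com.auth0.auth.abc123=%7B%7D; Path=/; Secure",
  "ci%2Fabc123=1; Path=/; HttpOnly; Secure",
  "theme=dark; Path=/",
];
console.log(planCleanup(SAMPLE_HEADERS));
```

Running it against headers captured from each environment shows which response sets the HttpOnly variants, which is the place to look for the configuration difference.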