Hi @mike.wang
Welcome to the Auth0 Community!
I understand that after using clearSession and trying to login again, even as a different user, the previous session is not fully removed and you are logged in as the initial user.
This behaviour is caused by the browser retaining the session cookie and the external IdP not terminating it’s session. If a new login request is being made during this time, the active session is retained and used to complete the authentication.
Instead of relying solely on clearSession to manage the browser state, pass prompt: 'login' when calling the /authorize endpoint, when the user clicks the sign-in button. This tells Auth0 (and subsequently the IdP) to ignore the existing SSO cookie and force the user to re-authenticate. When prompt=login is used, the user is forced to log in irrespective of whether a valid session exists or not.
Allow me to share some useful resources on this matter:
Please let us know if this helped solve the issue on your end!
Best regards,
Gerald