I have added (OIDC) authentication to a Django-based website using a generic OIDC support API rather than one dedicated to Auth0, which was successful, with one problem remaining: how to support session timeout. Auth0 supports this, and Django also supports this; both sessions need to be maintained.
I attempted to use Django session timeout, which upon expiry calls the Auth0 logout endpoint, but though the logs showed no error, logout in Auth0 doesn’t actually occur, as re-login occurs with prompting. This is similar behavior to what others have encountered. The logs show the user_id and username are blank, which is probably due to the Auth0 session cookie not being present in the request – note this request doesn’t originate from the browser but from the website.
Simply expiring the Auth0 session (too, or in addition to) is no good because the session timeout timers (Django, Auth0) would not be in agreement, and Django by design maintains its own session.
But this doesn’t seem like a very out-of-the-ordinary problem. What is the normal means of addressing this?