Single Log Out from SPAs Opened in Different Windows Without Relying on 3rd party Cookies

Problem statement

Consider a user who has two windows or tabs open, say SPA 1 and SPA 2. When the user clicks the “logout” button in the SPA 1 window, can they also be logged out of the app in the other window, SPA 2? Is this possible without relying on 3rd party cookies, which are unavailable in some browsers?

Cause

When 3rd party cookies are available, you can use silent authentication to check whether the user has an active session with the Auth0 layer.

If the user has no session, the silent authentication method returns an error with the message “Login required.” By polling the session periodically and catching this error, you can log the user out of the application.

However, this approach does not work when 3rd party cookies are unavailable, because an Auth0 tenant stores its session in a cookie.

Solution

If the applications share a parent domain, you can leverage the “cookieDomain” option.

This will ensure the cookie is accessible across multiple subdomains. Single Log Out across multiple windows/tabs will not be available if the applications do not share a parent domain.

NOTE: Be careful about the polling cadence to avoid rate limiting.
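The sketch below is an added example, not Auth0 SDK code. It applies the RFC 6265 domain-match rule to show which hosts can see a cookie scoped to a parent domain, then polls for that cookie's disappearance so a second tab can log out locally. The cookie name `session_hint`, the hosts used in comments and all function names are assumptions.

```javascript
// Added example. The cookie name "session_hint" and all function names are assumptions.

// RFC 6265 section 5.1.3 domain-match: is a cookie with this Domain attribute visible to host?
// e.g. a cookie scoped to ".example.com" is visible to app2.example.com but not to app.other.test.
function domainMatch(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, ""); // a leading dot is ignored
  if (h === d) return true;
  const isIp = /^[\d.]+$/.test(h) || h.includes(":"); // suffix matching never applies to IPs
  return !isIp && h.endsWith("." + d);
}

// Parse a document.cookie-style string ("a=1; b=2") into a Map.
function parseCookies(cookieString) {
  const jar = new Map();
  for (const part of cookieString.split(";")) {
    const eq = part.indexOf("=");
    if (eq > 0) jar.set(part.slice(0, eq).trim(), part.slice(eq + 1).trim());
  }
  return jar;
}

// Poll for the shared cookie. When it was present and then disappears (another tab
// on the same parent domain logged out), run onLogout exactly once and stop polling.
function watchSharedSession({ readCookies, cookieName, intervalMs, onLogout }) {
  let sawSession = parseCookies(readCookies()).has(cookieName);
  const tick = () => {
    const present = parseCookies(readCookies()).has(cookieName);
    if (sawSession && !present) {
      sawSession = false; // guard against firing twice
      stop();
      onLogout();
    } else if (present) {
      sawSession = true;
    }
    return present;
  };
  const timer = setInterval(tick, intervalMs); // keep the cadence modest
  const stop = () => clearInterval(timer);
  return { tick, stop };
}
```

In a browser, pass `readCookies: () => document.cookie`; this only sees cookies that are not marked HttpOnly.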