We are investigating the different ways we can implement a single logout solution. Our use case involves:
- Three web applications using cookies (three client IDs)
- A custom auth domain
- One of the applications is on a different subdomain
- We are not using 3rd party idPs like google, linkedin, etc
Based on the documentation, the two recommended approaches are to either a) poll the session at 15 minute intervals via checkSession or b) implement a logout notification layer (I think using refresh tokens might be an alternative, as well).
I wanted to get some feedback on:
- If polling can happen at shorter intervals without risk to rate limits. 15 minutes is a long interval from a UX perspective.
- If building a notification layer with something like SNS/SQS or SSE’s from a dedicated backend service has worked for others
Are there other (simpler) solutions the community has found? FWIW, we are using the nextjs auth0 SDK.
Thank you in advance.