Hi,
I have a SSO logout question. (Another one of those things that should be theory is easy, but in the real world isn’t.) Basically I have 4 different applications, all using different backend tech (python, typescript, ruby), with front-end either SPA or Next JS app. I’ve setup SSO to share login session across the apps, but when it comes to logging out, I seem to have a problem where if I logout of app A, I’m still logged-in to app B.
I’m sure this can’t be a new problem, so asking what is the best approach to ensure that logging out from app A, means I’ve logged from all ( app B, app C, app D)?
Thank you in advance,
Noel
Hi @noelt.dolan
Welcome back to the Auth0 Community!
From what you are describing, it appears that you are clearing the application session of the specific user but not their entire session with Auth0 so that the other applications are logged out as well. You can read more about the different session layers in our documentation.
May I ask how is the user connected to multiple apps? Do all the apps use the same tenant with similar user stores? If so, you might want to either redirect the user to the /logout endpoint so that you completely erase their sessions with all their applications. However, if the user’s sessions are being persisted by those applications as well, you might want to look into deleting all of their sessions by using the Management API.
If you have any other questions, let me know!
Kind Regards,
Nik