Successful logouts but can still access application

I have made a website that uses Auth0 to authorise logins such that only a selected group of people can access the site. Initially, everything was working fine: when I hit the logout button, which I have linked to https://domain.auth0.com/v2/logout?returnTo=…, I get a ‘successful logout’ in the logs, but the user is still logged in on the machine.

Also, if I delete that user, it is still able to access the website even when I clear the cache. What am I doing wrong? It worked to begin with and was logging users out, so I’m not really sure what’s changed.

Here is an example log:

{
  "date": "2020-06-01T16:20:21.133Z",
  "type": "slo",
  "connection_id": "",
  "ip": "xxxxxx",
  "user_agent": "Firefox 76.0.0 / Ubuntu 0.0.0",
  "details": {
    "return_to": "https://www.example.com/",
    "allowed_logout_url": [
      "http://www.example.com"
    ]
  },
  "hostname": "dev-j4n7tkci.eu.auth0.com",
  "user_id": "",
  "user_name": "",
  "log_id": "90020200601162021674000961135406587725689343872541392930",
  "_id": "90020200601162021674000961135406587725689343872541392930",
  "isMobile": false,
  "description": "User successfully logged out"
}

I find it strange that the user_id and user_name are both empty - when I use the test it says that my user would have an ID and a user name.

I would like to add that I have made a new tenant, tried the whole thing again but now somehow it is doing the same thing even though I haven’t even registered any allowed callback URLs. The login works, then it logs out, but then the user is still permitted access even when technically not logged in. I suppose this is a cookie issue as when I clear cookies it prompts me to log in again - but how do I clear cookies on logout?

Hi @josephhic

From the situation you’ve described in your first post, it sounds like you haven’t logged the user out of your application and you’re just calling the logout endpoint in Auth0. This will clear the session in Auth0 for the user, but not clear any sessions in your application that you use to track that the user has logged in.

1 Like
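
The sequence the reply describes, as an added example (not code from the thread or from Auth0): the application's own logout route destroys its server-side session and expires its cookie before redirecting the browser to the Auth0 logout endpoint. The domain, client ID, cookie name and in-memory session store are assumptions made for illustration.

```javascript
// Placeholders and hypothetical names: replace with your own application's values.
const AUTH0_DOMAIN = 'your-tenant.auth0.com';  // placeholder tenant domain
const CLIENT_ID = 'YOUR_CLIENT_ID';            // placeholder application client ID
const RETURN_TO = 'https://www.example.com/';  // should match an Allowed Logout URL entry
const COOKIE = 'app_session';                  // hypothetical application cookie name

// Server-side session store (session id -> user). The single entry is
// constructed sample data standing in for a user who has already logged in.
const sessions = new Map([['constructed-session-id', { sub: 'auth0|constructed-user' }]]);

// Pull the application's session id out of a raw Cookie header.
function sessionIdFrom(cookieHeader = '') {
  for (const part of cookieHeader.split(';')) {
    const [name, ...rest] = part.trim().split('=');
    if (name === COOKIE) return rest.join('=');
  }
  return null;
}

// Access check for every protected route: holding a cookie is not enough,
// the session it names must still exist on the server.
function currentUser(cookieHeader) {
  const sid = sessionIdFrom(cookieHeader);
  return sid ? (sessions.get(sid) ?? null) : null;
}

// Logout: 1) destroy the application session, 2) expire the cookie in the
// browser, 3) redirect to Auth0 so its session is cleared as well.
function logout(cookieHeader) {
  const sid = sessionIdFrom(cookieHeader);
  if (sid) sessions.delete(sid);
  const url = new URL(`https://${AUTH0_DOMAIN}/v2/logout`);
  url.searchParams.set('client_id', CLIENT_ID);
  url.searchParams.set('returnTo', RETURN_TO);
  return {
    status: 302,
    headers: {
      'Set-Cookie': `${COOKIE}=; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax`,
      Location: url.toString(),
    },
  };
}
```

Because the session is deleted on the server, a copy of the old cookie presented after logout no longer passes `currentUser`.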
