I develop web services which use Auth0 as an SSO authentication provider.
I found an issue with sign-out detection across multiple sites.
Could someone give me a good solution for the issue, please?
1. There are some websites, called “site A” and “site B”, using CMS/CMFs.
2. With SSO, the user is already signed in via Auth0.
3. The user signs out on site A.
4. Unfortunately, site B still keeps the signed-in state for the user.
My expectation is that all sites have a sign-out detection feature, and in “4.”, site B detects the sign-out for the user.
What is the best way to do that? Does someone have good ideas?
In my current thinking, one solution is to call the userinfo API using the user access (at an interval of a few seconds, just in case of DDoS).