Hoping someone can help me out.
Are there good instructions to follow to get logout working with mod_auth_openidc and apache?
I’m trying to follow the solution here:
but even just calling the URL in step 1 isn’t clearing the cookies. Before trying to figure this out myself, I was wondering if anyone else has gotten this to work.
are you being literal and checking that after the call to the logout endpoint the cookies are cleared on the client-side?
The reason I ask is that at this time the logout endpoint invalidates the session associated with the cookie that was sent as part of this request, but actually does not clear the cookie. This means the cookie may live on in the browser side and sent in a subsequent request, however, the session should be invalidated so this is mostly an implementation detail.