I got an issue with logging users out after I set the
AUTH0_COOKIE_DOMAIN environment variable.
After setting it to a
.domain.com address (my apps run on subdomains), I wasn’t able to log out correctly. Looking at the
/api/auth/me profile site (running on
auth.domain.com), I saw that the session data of the user did also not update when changing the
app_metadata for example.
A direct call to
/api/auth/logout didn’t work and redirected me to my application (which needs authentication, so it was clear that the logout didn’t log me out)
I got it fixed by manually removing the cookies, but I hardly doubt that this is actually a solution.
Does someone know what exactly the issue was and how I could fixed it correctly?