v2/logout not clearing Auth0 session cookies

Hi there,

I have a React SPA using an Auth0 SP with a SAML Auth0 IdP for authentication. The login authentication is working great. The problem is the logout: when users click on a logout button, it triggers the Auth0 logout hook, which I think calls the v2/logout endpoint, and it redirects the users to the logout callback. The problem is that the Auth0 cookies are not being cleared out, so if the user tries to log in again, they are automatically signed in without being prompted for credentials. When I manually clean the cookies after each logout, the app behaves the way it's supposed to.

I tried setting the session expiration from 36000 to 60 seconds, but that didn't help. I also tried using v2/logout as shown here, Authentication API Explorer, but it didn't work.

Hi Alex,

Just letting you know how we do logout which may help in your case.
https://${context.request.hostname}/v2/logout?client_id=${context.clientID}&returnTo=https:///AuthzFail.htm

Instead of hardcoding the Auth0 domain name in the logout URL, we read it from the context object, so we are sure that we don't send users to a different Auth0 tenant/instance (we have sandbox and prod in our org). We pass the client_id parameter with the returnTo URL because the returnTo needs to be a whitelisted logout URL at the client level. I think if we add the returnTo URL to the tenant-level logout whitelist, we can avoid the client_id parameter.

Cheers,
Karthick.
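The logout URL construction described in the reply above, as an added example that is not part of the thread or Auth0's own code. The function name, its parameters, the local exact-match allow list and all sample values are assumptions made for illustration.

```javascript
// Added example: builds a /v2/logout URL from runtime values instead of a
// hardcoded tenant, and refuses a returnTo that is not on a local allow list.
// buildLogoutUrl and allowedLogoutUrls are hypothetical names; the exact-match
// comparison is an assumption of this sketch, not Auth0's matching rule.
function buildLogoutUrl({ hostname, clientId, returnTo, allowedLogoutUrls = [] }) {
  // Accept a bare host name only, so a tainted value cannot smuggle in a
  // path, port, userinfo or a second host.
  if (typeof hostname !== 'string' || !/^[a-z0-9.-]+$/i.test(hostname)) {
    throw new Error(`invalid tenant hostname: ${hostname}`);
  }
  const url = new URL(`https://${hostname}/v2/logout`);

  // client_id selects the client-level allowed logout URLs; without it the
  // returnTo has to be allowed at tenant level (as the reply above suggests).
  if (clientId) {
    url.searchParams.set('client_id', clientId);
  }

  if (returnTo !== undefined) {
    const target = new URL(returnTo); // throws on a malformed URL
    if (target.protocol !== 'https:') {
      throw new Error('returnTo must use https');
    }
    if (!allowedLogoutUrls.includes(target.href)) {
      throw new Error(`returnTo is not an allowed logout URL: ${target.href}`);
    }
    // searchParams percent-encodes the value, so the nested URL's own
    // "://" and "/" cannot be misread as part of the logout URL.
    url.searchParams.set('returnTo', target.href);
  }
  return url.href;
}

// Constructed sample values, not taken from the thread.
const sampleLogoutUrl = buildLogoutUrl({
  hostname: 'tenant.example.com',
  clientId: 'abc123',
  returnTo: 'https://app.example.com/logged-out',
  allowedLogoutUrls: ['https://app.example.com/logged-out'],
});
console.log(sampleLogoutUrl);
```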

Hi Karuissobusy,

Thanks for your answer. Unfortunately, that doesn't work in my case, because the Auth0 hook is already building the correct logout URL to match the Auth0 tenant/client, and I can verify the logout was successful in the Auth0 monitoring logs. The problem is that the Auth0 session cookies are not cleared in the browser, so the user is not asked for credentials when they press the login button, and as this doc, Log Users Out of Auth0, suggests, the Auth0 cookies will be cleared on logout. Am I missing something here?