okta/okta-oidc-ios

App not retaining the browser logout state through SSO.

jasmineelamblakatt opened this issue · 2 comments

Hello Team,
I was able to implement SSO in Okta by enabling 'Persistent cookies', so after a successful login in the App and then opening the browser, it's in a logged-in state.
But once I log out from the browser and open the App, the App is still in a logged-in state.
I use the "introspect" method while launching the App, and it shows the payload as active, and through the access token it goes to the logged-in state.

How do I check the cookie state through the "introspect" method when launching the App, or is there another way to check the login state?

Hi @jasmineelamblakatt,

Apologies for the late reply.

There are two main reasons why a user can automatically sign in after logout:

  1. There’s no way to clear all cookies and cache in ASWebAuthenticationSession. This component manages cache internally and shares it among different authorization sessions.

  2. Okta doesn’t execute federated logout when a user signs out. Okta logs out from Okta's environment but not from the IDP (Google, Facebook, etc.). Therefore, the IDP's session is alive after logout.

Do you use the signOutOfOkta method or signOut? If you use signOutOfOkta, keep in mind:

This method does not clear or revoke tokens minted by Okta
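The distinction above, as an added example that is not code from the okta-oidc-ios project or from either commenter. It assumes the okta-oidc-ios API as described in its README (`OktaOidc`, `OktaOidcStateManager`, `introspect(token:callback:)`, `signOut(authStateManager:from:progressHandler:completionHandler:)`), and that `signOut` revokes the access and refresh tokens by default; `SessionController` and its callers are hypothetical.

```swift
import UIKit
import OktaOidc

/// Hypothetical wrapper around an already-configured OktaOidc instance and
/// the state manager returned by a successful sign-in (both assumed to exist).
final class SessionController {
    private let oktaOidc: OktaOidc
    private let stateManager: OktaOidcStateManager

    init(oktaOidc: OktaOidc, stateManager: OktaOidcStateManager) {
        self.oktaOidc = oktaOidc
        self.stateManager = stateManager
    }

    /// Launch-time check. Introspection only reports whether the token is
    /// still valid at the authorization server; it says nothing about the
    /// shared browser session, so a token that was never revoked stays
    /// `active` until it expires even after a browser-side logout.
    func checkLoginState(completion: @escaping (Bool) -> Void) {
        stateManager.introspect(token: stateManager.accessToken) { payload, error in
            guard error == nil, let active = payload?["active"] as? Bool else {
                completion(false)   // treat errors or a missing field as signed out
                return
            }
            completion(active)
        }
    }

    /// App-side sign-out. `signOutOfOkta` alone ends the Okta browser session
    /// but leaves the minted tokens valid, so the next `introspect` would still
    /// return active. `signOut` (assumed default options) revokes the access
    /// and refresh tokens, signs out of Okta and clears stored state, so the
    /// next launch sees `active: false`.
    func signOut(from viewController: UIViewController,
                 completion: @escaping (Bool) -> Void) {
        oktaOidc.signOut(authStateManager: stateManager,
                         from: viewController,
                         progressHandler: { _ in },
                         completionHandler: { success, _ in completion(success) })
    }
}
```

Neither path detects a logout performed in the browser; the client only learns that when its own token expires or is revoked.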

Closing the issue as answered. Feel free to reopen or create a new one.