We are authenticating user login to the application thru React JS → AWS Cognito → Okta by SAML based.
When user closes the browser, session is not getting killed and if he reopens the browser, he can login directly to the application without providing username and password.
We have set in Okta, Security->Authentication->SignOn,
Maximum Okta session lifetime: 15 minutes
Expire session after user has been idle on Okta for : 15 minutes
Persist session cookies across browser sessions: Disable
Please suggest how to make user login again, when he reopens the browser.
Browser setting - We are not clearing cache/cookies when the browser is closed.
We have the same case you added in the link.
We are not calling v1/logout or delete v1/sessions/me as we are using AWS Cognito as Service provider and Okta as Id provider. We are calling awsDomain/logout, which calls okta logout and signs out the user.