We are authenticating user login to the application through React JS → AWS Cognito → Okta, based on SAML.
When the user closes the browser, the session is not getting killed, and if he reopens the browser, he can log in directly to the application without providing a username and password.
We have set the following in Okta under Security -> Authentication -> SignOn:
Maximum Okta session lifetime: 15 minutes
Expire session after user has been idle on Okta for: 15 minutes
Persist session cookies across browser sessions: Disable
Please suggest how to make the user log in again when he reopens the browser.
We are not revoking their access token during log out.
In this case, the user does not log out. He accidentally closed the browser.
Also, while logging in to the application again (he did not enter any credentials), the AWS Cognito refresh token is valid and it takes him in successfully.
Browser setting - We are not clearing cache/cookies when the browser is closed.
We have the same case you added in the link.
We are not calling v1/logout or delete v1/sessions/me, as we are using AWS Cognito as the service provider and Okta as the identity provider. We are calling awsDomain/logout, which calls Okta logout and signs out the user.
Hi @Regis, we are using AWS Cognito as the service provider and Okta as the identity provider.
Cognito by default uses localStorage to store the session details and cookies.
How can we make the cookie storage “sessionStorage”?