I am trying to implement a logout feature in my Spring Boot OIDC-based web app. When I looked at the Okta forum, I was able to see two recommendations (from the links below): one is to delete the token from the Okta server and the other is to delete the session.
Below is the code which I am using in my Spring app…
When I am using the above code, my cookies are not getting deleted, and even when I implement a custom logoutHandler to delete the session by making a DELETE call on https://domainName/api/v1/sessions/me, it's not even working…
It's redirecting me to the /logOutSucccessful URL and I can still see the cookies in my browser…
Assuming you are redirecting to an Okta domain to log in (and you already have an SSO session with Okta), you may get bounced back into your application without realizing it.
The easiest way to see if this is happening is to turn on developer tools and make sure “Preserve log” is enabled.
Another way to tell is if your application has a different session ID.
I was tracing the network log and came to the conclusion that I still have the session, even though I log out…
But when I implemented the following code, with our explicitly defining .deleteCookies() and invalidateHttpSession(true), I was able to see the call is going to Okta for OAuth login again…
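
The following is an added example, not code from this thread or from Okta: a Spring Security configuration that clears the local session and cookie and then sends the browser to the provider's OIDC end-session endpoint, so that a surviving SSO session cannot silently sign the user back in as described above. It assumes Spring Security 5.8 or later with `spring-security-oauth2-client`, a client registration whose issuer metadata advertises an `end_session_endpoint`, the default `JSESSIONID` cookie name, and a hypothetical `/logged-out` landing path.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.client.oidc.web.logout.OidcClientInitiatedLogoutSuccessHandler;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class LogoutConfig {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http,
                                           ClientRegistrationRepository registrations) throws Exception {
        // After local logout, redirect to the identity provider's
        // end_session_endpoint with an id_token_hint so the SSO session
        // at the provider is ended too (RP-initiated logout).
        OidcClientInitiatedLogoutSuccessHandler oidcLogout =
                new OidcClientInitiatedLogoutSuccessHandler(registrations);
        // Hypothetical landing page; the resolved URI has to be allowed as a
        // sign-out redirect URI on the provider side.
        oidcLogout.setPostLogoutRedirectUri("{baseUrl}/logged-out");

        http
            .authorizeHttpRequests(auth -> auth
                // The landing page must be reachable anonymously; otherwise
                // arriving there starts a new OAuth login immediately.
                .requestMatchers("/logged-out").permitAll()
                .anyRequest().authenticated())
            .oauth2Login(Customizer.withDefaults())
            .logout(logout -> logout
                .invalidateHttpSession(true)    // drop the server-side session
                .clearAuthentication(true)      // clear the SecurityContext
                .deleteCookies("JSESSIONID")    // assumed default cookie name
                .logoutSuccessHandler(oidcLogout));
        return http.build();
    }
}
```

`deleteCookies` only expires cookies set by the application's own origin; cookies on the identity provider's domain are cleared by the provider when the end-session redirect is processed.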