Logout - third party cookies

Hey guys,
so I’m having this issue with logout in okta-react. It seems like Okta is unable to delete the session if the browser is blocking third-party cookies. The DELETE request to ‘{URL}/api/v1/sessions/me’ responds with 404 (Resource not found: me (Session)). I’m using the logout method from the withAuth HOC. What can I do to resolve this problem?

When I’ve seen a 404 in the past, it’s usually because I’m already logged out.

That’s definitely not the case here. I’m 100% sure this has something to do with the browser blocking third-party cookies. It seems like Okta needs to somehow interact with cookies to perform deletion of ‘{URL}/api/v1/sessions/me’. There are 2 cookies in my storage, “okta-oauth-nonce” and “okta-oauth-state”. Maybe Okta needs to read their values and TP cookie blocking makes this impossible? (not sure if TPCB prevents even reading or deletion of a cookie)

I haven’t seen this behavior myself. I mostly use Chrome. Are you using a certain browser? If you configure that browser to accept 3rd party cookies, does it work?

I use Chrome as well. If I enable cookies it works. For example Safari blocks 3rd party cookies by default…

@machy92 yeah, same here. In my case, it was an issue with getting the session. After my SPA did a sign in with redirect (i.e. my session is now active), my app would get the token in the hash, but GET /api/v1/sessions/me from my app returned 404. Navigating directly to {mydomain}/api/v1/sessions/me in a new browser tab returned 200. Toggling “Block third-party cookies” to off fixed this for me.

Did anyone solve this?

I’m having the same issue. The React app cannot log out fully (since the MYDOMAIN.okta.com domain cookies are still stored and can’t be cleared). I obviously do not have control over my users’ browsers to make sure they allow 3rd party cookies…

e.g. is there a page hosted in my Okta domain that I can hit (say by opening a tab or a redirect) to clear those cookies while 3rd party cookies are disabled?

Any solutions around this? (other than enabling third-party cookies or adding the website as a trusted one in the browser)

I think it’s not an efficient solution. Any code changes I can make?

You can try:
https://subdomain.okta.com/login/signout?fromURI=<post logout redirecturl>
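
The redirect suggested in the post above, as an added example that is not part of the thread or of okta-react: a top-level navigation to the Okta domain is a first-party request, so third-party cookie blocking does not apply to it the way it does to the cross-origin DELETE. The function names, `app.example.com` and the origin allowlist are assumptions, as is the org accepting this return URL in `fromURI`.

```javascript
// Added example; function and constant names are hypothetical, values are constructed.
const OKTA_ORG_URL = 'https://subdomain.okta.com';          // placeholder org from the post
const ALLOWED_RETURN_ORIGINS = ['https://app.example.com']; // constructed app origin

// Build the /login/signout URL with the return target in fromURI.
function buildSignoutUrl(oktaOrgUrl, returnUrl, allowedOrigins) {
  const org = new URL(oktaOrgUrl);
  const target = new URL(returnUrl); // throws on relative or malformed input
  if (org.protocol !== 'https:' || target.protocol !== 'https:') {
    throw new Error('sign-out and return URLs must use https');
  }
  // Compare the parsed origin, not a string prefix, so that
  // https://app.example.com.evil.test does not pass as the app.
  if (!allowedOrigins.includes(target.origin)) {
    throw new Error('return URL origin not allowed: ' + target.origin);
  }
  const signout = new URL('/login/signout', org.origin);
  signout.searchParams.set('fromURI', target.href); // percent-encodes the value
  return signout.href;
}

// Validate first, then drop local tokens, then leave the page.
// In a browser: logoutViaRedirect(clearTokens, (u) => window.location.assign(u), url)
function logoutViaRedirect(clearLocalTokens, navigate, returnUrl) {
  const url = buildSignoutUrl(OKTA_ORG_URL, returnUrl, ALLOWED_RETURN_ORIGINS);
  clearLocalTokens();
  navigate(url);
  return url;
}
```

Restricting the return target to the app's own origins keeps the logout link from being reused as an open redirect.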

Thanks for the reply @rajnadimpalli, could you elaborate a little bit more? If you have any reference links, that would be appreciated.

Okta FAQ: https://support.okta.com/help/s/article/FAQ-How-Blocking-Third-Party-Cookies-Can-Potentially-Impact-Your-Okta-Environment?language=de&_ga=2.215676432.681955182.1599684587-654599225.1597865375
