Signout URL does not delete "idx" cookie

We recently updated from Classic engine to Identity Engine which changed the SSO cookie from “sid” to “idx”. But we noticed the logout URL
https://<custom-domain>/login/signout
deletes the “sid” cookie but does not delete the “idx” cookie. This leave the user with a dangling “idx” cookie,

Is this a bug?

Are you trying to log users out from an OpenID Connect application? If so, you can using the /v1/logout endpoint to end the user’s Okta session, and that should clean up that idx cookie.

Thenks, the problem is sometimes they will return or share a device with someone else, and the old idx token is still there but we no longer have the id-token to log them out.

Do you know if there Is there any logout URL that will remove the idx cookies and session without having to specify the id-token?

The only endpoint I’m aware of that would support this is a bit more nuclear, and allows you to end all sessions for a user.

Note that you will need a valid API Token/bearer token issued to an Admin user to make this request.

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.