Q: I’m using 2 apps in an SSO configuration. How can I ensure that if a user logs out from app-a.com, they’re also logged out from app-b.com?
A: This is no problem. First, make sure you’re using Managed Sessions (at Realm -> Settings -> Sessions & JWT). Then, just logout the session (See: Delete a Session). Then, make sure your apps are checking the validity of the session on every page (See: Get a Session). To improve page performance, you could consider caching this 2-15 minutes (depending on how long it’s acceptable to not-detect the logged out state).
LoginRocket checks the session before it redirects too, so logging out the session will no longer automatically re-login the user to your apps.
Tagged with: sso logout
Questions? Find a Typo? Get in touch.