Change Log |
---|
WayGee |
Important - Please implement the new logout strategy outlined below in your applications.
New Local Logout Requirement
A new logout requirement was determined by the business, whereby logging out of an application should not affect other logged-in applications. In other words, applications should perform a local logout only. Global logouts should not be used. If you have a scenario for global logout, please contact us in the Slack or support channels. The directions for logout have been updated.
Unique session or cookie identifiers
In addition, each tab should have a unique session ID (or unique cookie name). In the past, we advised basing cookie names on your clientID. The change is that the name should now be unique, so we recommend clientID + some unique string. The directions for cookie naming have been updated.
Impact on Cognito SSO Cookie
With applications performing local application logouts only, the Cognito SSO cookie will naturally expire after 1 hour. The SSO cookie should not be affected by local application logouts.
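One way to implement the per-tab cookie name and local-only logout described above, as an added example that is not part of the original page or the team's own code. The storage key, the function names and the cookie-jar interface are assumptions made for illustration.

```javascript
// Added example: per-tab cookie naming (clientID + unique string) and local-only logout.
// Hypothetical names: STORAGE_KEY, randomSuffix, tabCookieName, localLogout, browserCookieJar.
const STORAGE_KEY = "tabSessionSuffix"; // assumed sessionStorage key

// 128-bit random suffix from the Web Crypto API (browsers and recent Node).
function randomSuffix() {
  const bytes = globalThis.crypto.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

// Cookie name = clientID + unique string. The suffix is kept in sessionStorage,
// which is scoped to one tab, so every tab ends up with its own cookie name.
function tabCookieName(clientId, tabStorage, makeSuffix = randomSuffix) {
  let suffix = tabStorage.getItem(STORAGE_KEY);
  if (!suffix) {
    suffix = makeSuffix();
    tabStorage.setItem(STORAGE_KEY, suffix);
  }
  return `${clientId}_${suffix}`;
}

// Local logout: remove only this tab's session cookie and forget its suffix.
// No other cookie is touched and no identity-provider logout is called,
// so other applications and the SSO cookie are left alone.
function localLogout(clientId, tabStorage, cookieJar) {
  const suffix = tabStorage.getItem(STORAGE_KEY);
  if (!suffix) return null; // this tab has no session to end
  const name = `${clientId}_${suffix}`;
  cookieJar.delete(name);
  tabStorage.removeItem(STORAGE_KEY);
  return name;
}

// Browser adapter for the cookie-jar interface used above.
// A cookie written from script cannot be HttpOnly; if the server sets the
// session cookie, apply the same naming rule there instead.
const browserCookieJar = {
  set: (name, value) => {
    document.cookie = `${name}=${encodeURIComponent(value)}; Path=/; Secure; SameSite=Lax`;
  },
  delete: (name) => {
    document.cookie = `${name}=; Path=/; Max-Age=0; Secure; SameSite=Lax`;
  },
};
```

In a browser, call `tabCookieName(clientId, sessionStorage)` and `localLogout(clientId, sessionStorage, browserCookieJar)`. Duplicating a tab copies its sessionStorage, so a duplicated tab starts with the same suffix until it creates a new session.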
Example Diagram of Logout Strategy
Known Use Cases for Global Logout on USTA.com
Update Email from Sign In user dashboard
A global logout is performed to keep the email field in the ID Token up to date.
Proposal: Will display a message to the user that this operation will log them out of all applications.