1

I have a Next.js app using Auth0 for authn/authz. Locally everything works fine (login and logout). However, when I deploy my app on Azure Static Webapps, the login still works but the logout doesn't. It seems to log me out but when redirecting me to my main page, I am signed in again. Locally though, the logout works as expected.

A Github issue shows that other people are affected but, unfortunately, the only solution mentioned is for Cloudfront users.

I've added a staticwebapp.config.json with the following config, but didn't help:

{
  "routes": [
    {
      "route": "/api/auth/*",
      "headers": {
        "cache-control": "no-store, must-revalidate"
      }
    }
  ]
}

Here's a repo where the issue is present.

Improve this question
4
  • Please don't tag your titles. See How to Ask. Commented Oct 8, 2024 at 19:21
  • @rocketer If possible, share your GitHub repository without secrets? Commented Oct 9, 2024 at 4:25
  • @AsleshaKantamsetti added a repo to the description. Commented Oct 10, 2024 at 7:20
  • @rocketer Did you find a solution? I'm encountering the same problem. Commented Apr 29 at 22:10

1 Answer 1

Reset to default
1

Why isn't logout working in my NextJS app on Asure Static Webapps?

The reason this isn’t working in the Next.js app on Azure Static Web Apps is that when I click the logout button, the app session cookie is regenerated, causing the user to be logged in again.

I manually deleted the appSession cookie using the Application option in the browser tools. I selected Cookies -> App URL -> appSession -> Clear All Cookies, and then logged out.

enter image description here

The user is successfully logged out, as shown below.

enter image description here

Refer my GitHub repository for complete code.

Improve this answer
Sign up to request clarification or add additional context in comments.

6 Comments

I am aware of that but the auth0-nextjs documentation doesn't mention that cookies need to be manually deleted. On localhost, the cookies are deleted, only on Azure they are not.
So the trick is to configure "set-cookie": "appSession=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT; SameSite=None; Secure" on Azure, right?
Even with the same staticwebapp.config.json, the call to /api/auth/logout still sets the appSession cookie...
@rocketer I tried that but nothing is worked, so I manually deleted the cookie.
I don't think manually deleting the cookie is the right solution.
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.