AWS Cognito Hosted UI Login - How to "delete AWS' cookie or Log the user out" from the Hosted UI post-login?
I have a NextJS application that is using AWS Cognito for the User Authentication system. We are using AuthJS@5 to integrate with AWS Cognito. After clicking sign-in, the user gets redirected to AWS Managed Login page, where they will put their credentials and logs in, afterwards they will be redirected to our application and an authenticated session ID is now available for them independent of their AWS access/refresh tokens.
It works well!
But the annoying part is that when I log my user out from my application, it only logs them in my application. Their session or cookies are still logged in at the AWS Managed Login page. I have 2 concerns:
- Even if they logs out in my application, they are still logged in the AWS managed login page which sounds like a security hole.
- Testing or Switching another user is annoying because after logging out and logging in, the AWS managed login automatically signs the previously logged in user to my application.
Attempt to solve
I tried deleting the cookie cognito from my application once the user get's authenticated.
Because the AWS Cognito's cognito cookie definition is as follows:
And by AWS docs:
A cognito session cookie that preserves successful sign-in attempts for an hour.
But this did not work.
So, is there a way to allow the following possible:
- Delete the user cookies OR log them out immediately in the AWS on the managed login page after logging in and after they got redirected to my app?
- If they logs out of my application, log them out of the AWS managed login page.
I hope anyone can help.
Thanks!
You can log the user out of their Cognito session by using the logout endpoint. You can redirect the user to this URL after logging them out of your app.
- Error: cookieParser("secret") required for signed cookies
- Add Secure and httpOnly Flags to Every Set-Cookie Response in Apache httpd
- AWS Cognito Hosted UI Login - How to "delete AWS' cookie or Log the user out" from the Hosted UI post-login?
- Prevent ASP.NET Core cookie-authentication from accepting cookies signed for different hostnames
- Set a cookie to never expire
- How to securely store a refresh_token on the frontend when using laravel/passport?
- What's the most reliable way to detect if the user is logging in from a different device than usual?
- How do I set up a different cookie for authentication in an ASP.NET Core Web API?
- WooCommerce - Can't remove items from cart
- Is encrypting session id (or other authenticate value) in cookie useful at all?
- Communication Issue Between API and WebAssembly on Azure Due to Extra Cookies
- Clear cookies with javascript
- What is the JavaScript equivalent of "Clear Site Data" in Chrome Dev Tools?
- How do I set cookies in Playwright test
- Laravel on sub domain ignore parent cookies when
- Persist ASP.NET Core auth cookies between docker image launches
- JWT Token/Cookies Not Sent from Frontend (Vercel) to Backend (Render) – Getting 401 Unauthorized
- Cannot set cookies when using StreamingResponse in FastAPI route for SSE (Server-Sent Events)
- How to set cookies on Jinja2 TemplateResponse in FastAPI?
- Securing JWT client side in cookies
- Is the name of a cookie case sensitive?
- Laravel 419 Page Expired on Hosting but Works Locally
- Expiring a Secure Cookie
- Cookies are not sent when I run my Angular app in production mode
- React/Express set-cookie not working across different subdomains
- Accessing Cookie client-side with Next JS
- Is it possible to get $_COOKIE with TypoScript?
- Cookie issues with Passport: why are cookies not sent/stored?
- Clear-Site-Data "*" : Different behavior in both Firefox and Chrome
- Apollo Gateway: Forward Subgraph `set-cookie` Header to Gateway to Client