


When we talk about logout in the context of Auth0 implementations, we are talking about the act of terminating an authenticated session. It is a security best practice to terminate sessions when they're no longer needed to avoid a potential takeover by unauthorized parties. Auth0 provides tools to help you give users the ability to log out; this includes options for providing different levels of logout and also determining where the user will land after the logout is complete.

There are typically three session layers that can be created when you log in, and the logout behavior you choose for your applications should make it clear to users which have terminated, ideally displaying a visual confirmation of this.

The first layer is the session inside your application, or the Application Session Layer. Though your application uses Auth0 to authenticate users, you'll still need to track that the user has logged in to your application; in a regular web application, for example, you achieve this by storing this information inside a cookie. Logging users out of your applications typically results in their application session being cleared, and this should be handled by your application: for the Application Session Layer, there is nothing within your Auth0 tenant that you need to use to facilitate session termination. This will require you to utilize whatever application session stack you are using to clear out any session-related information.
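The following is an added example, not code from the Auth0 documentation: Application Session Layer logout in Python, showing that the application both discards its server-side session record and expires the cookie, so a copied cookie stops working after logout. The in-memory store, the cookie name `app_session`, and the functions `login`, `current_user` and `logout` are assumptions standing in for your own session stack.

```python
# Added example with hypothetical names; adapt to your own session stack.
import secrets
from http.cookies import SimpleCookie

COOKIE_NAME = "app_session"  # assumed cookie name
_sessions = {}               # in-memory stand-in for the app's session store


def _set_cookie(value, max_age):
    """Build a Set-Cookie header value with hardened attributes."""
    jar = SimpleCookie()
    jar[COOKIE_NAME] = value
    morsel = jar[COOKIE_NAME]
    morsel["path"] = "/"
    morsel["httponly"] = True    # not readable from page scripts
    morsel["secure"] = True      # only sent over HTTPS
    morsel["samesite"] = "Lax"
    morsel["max-age"] = max_age
    return morsel.OutputString()


def _session_id(cookie_header):
    """Extract the session id from a Cookie request header, or None."""
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    morsel = jar.get(COOKIE_NAME)
    return morsel.value if morsel else None


def login(user_id):
    """Run after Auth0 has authenticated the user: start the app session."""
    sid = secrets.token_urlsafe(32)
    _sessions[sid] = {"user_id": user_id}
    return _set_cookie(sid, 3600)


def current_user(cookie_header):
    """Return the logged-in user id, or None if there is no live session."""
    session = _sessions.get(_session_id(cookie_header))
    return session["user_id"] if session else None


def logout(cookie_header):
    """Terminate the app session: drop server state, then expire the cookie."""
    _sessions.pop(_session_id(cookie_header), None)  # replayed cookie maps to nothing
    return _set_cookie("", 0)                        # browser deletes its copy
```

Expiring the cookie alone only removes the browser's copy; removing the server-side record is what invalidates a cookie value that was captured before logout.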
