custom tab don't remove the session after logout and login with different user

[AsmaaMosa]

when I login with a user and try to open custom tab for one of our website pages the page see that the user is logged in correctly and that is fine, after that I logout using end session method and log in with different user and open the same website page the page still see that the logged in user is user one,, so is there any way to clear the cookies of this saved user after logout ?

[Lee-Hounshell-at-MarianaTek]

We have this question too. Same problem.

[agologan]

Really depends on your Idp having implemented end-session correctly.
If they have and you pass in the correct id_token_hint before it redirects back to the app it will clear your cookies.

[Lee-Hounshell-at-MarianaTek]

We found a workaround solution: during login, set the max_age parameter to "0" to force the prompt=login to take effect.
We only had to add this code to our AuthorizationRequest.Builder:

`
        if (ephemeralToken == null) { // if we don't already have a token, we need to force IDP login
            setPrompt(LOGIN)
            val maxAge = mapOf("max_age" to "0")
            setAdditionalParameters(maxAge)
        }
`

see: #15

[Lee-Hounshell-at-MarianaTek]

We found a workaround solution: set the max_age parameter to "0" to force the prompt=login to take effect.
We only had to add this code to our AuthorizationRequest.Builder:

`
        if (ephemeralToken == null) {
            setPrompt(LOGIN)
            val maxAge = mapOf("max_age" to "0")
            setAdditionalParameters(maxAge)
        }
`

see: #15