Hello!
I'm failing with logging out from a Cognito authenticated ALB session. The authentication itself works perfectly.
I want to logout the user from the session and understand I have to delete/expire the cookie (AWSELBAuthSessionCookie-0,...) and redirect to the /logout endpoint. I also understand that the auth session cookie is HttpOnly and must be deleted server-side.
The authenticated application is hosted on a subdomain "a.example.com". My various server-side cookie deletion attempts failed. I had for example the following response header set:
"set-cookie: AWSELBAuthSessionCookie-0=;Domain=a.example.com;Path=/;Max-Age=0;Secure"
But none of my set-cookie headers did actually delete the auth session cookie.
Any ideas how the cookie can be deleted/expired?
Cheers Fabian