Logout from an ALB session that is authenticated by Cognito


I'm failing with logging out from a Cognito authenticated ALB session. The authentication itself works perfectly.
I want to logout the user from the session and understand I have to delete/expire the cookie (AWSELBAuthSessionCookie-0,...) and redirect to the /logout endpoint. I also understand that the auth session cookie is HttpOnly and must be deleted server-side.
The authenticated application is hosted on a subdomain "a.example.com". My various server-side cookie deletion attempts failed. I had for example the following response header set:

"set-cookie: AWSELBAuthSessionCookie-0=;Domain=a.example.com;Path=/;Max-Age=0;Secure"

But none of my set-cookie headers did actually delete the auth session cookie.
Any ideas how the cookie can be deleted/expired?
Cheers Fabian

asked 5 years ago1710 views
1 Answer

What did the trick is omitting the domain (although in my case the authentication was setup for a hostname with a subdomain).
This worked for me:

Set-Cookie "AWSELBAuthSessionCookie-0=deleted;path=/;expires=Thu, 01 Jan 1970 00:00:00 GMT;"
answered 5 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions