By using AWS re:Post, you agree to the Terms of Use

How to Modify AWSELBAuthSessionCookie to Log Off User


I have developed a containerized web server in ECS behind a Cognito authenticated Application Load Balancer. I am in the final stages of development and working on implementing a log off button. The documentation below states to log off a user, the application should modify the authentication session cookies and set the expiry to -1. On the client side, I can see the session cookies, but they are marked as HTTPOnly and can not be modified. I do not see the cookies on the server side and based on the documentation, it does not sound like the cookies are sent to the server. How do I modify the cookies to log out a user or is there another way to log out a user?

1 Answers

From the information you provided, I understand you need more information related to authentication logout and session timeout for ALB.

When a user that has been authenticated needs to log out, the application should invalidate the session cookie by setting expiry to -1 but also redirect the client to the IdP logout endpoint. This needs to be done by your application.

Make sure the code consists of:

  1. Invalidate the AWSELBAuthSessionCookie-0 and AWSELBAuthSessionCookie-1 cookie by setting expiration time to -1, or just clear both of them.
  2. Redirect the user to idp logout endpoint

You should be able to set the expiry to -1 with set-cookie.

I hope you find this helpful.


answered 19 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions