Intermittent Logout Failure with Custom Session Store #1531
Description
Checklist
- The issue can be reproduced in the nextjs-auth0 sample app (or N/A).
- I have looked into the Readme, Examples, and FAQ and have not found a suitable solution or answer.
- I have looked into the API documentation and have not found a suitable solution or answer.
- I have searched the issues and have not found a suitable solution or answer.
- I have searched the Auth0 Community forums and have not found a suitable solution or answer.
- I agree to the terms within the Auth0 Code of Conduct.
Description
In the past, stateless sessions were problematic for logouts in our application due to the race condition between clearing the user agent's cookies & a concurrent network request that sets a valid cookie.
To solve this, we've implemented a custom session store using Redis (by following this example). As a result, the success rate of logouts have improved drastically -- however, I'm still noticing that logout will fail at times. This failure seems to happen at the application session layer since there is a "Successful Logout" log in our Auth0 tenant, but the application session is still active.
FWIW:
- logout failure occurs roughly every 1 in 10 attempts
- when logout fails, a subsequent logout seems to work fine
All that to say, I suspect there may be a race condition given the intermittent nature of the issue. Ideally, having stateful sessions should eliminate this issue.
Reproduction
- Set up store with Redis (.get/set/delete methods)
- Supply store as
config.sessiontoinitAuth0 - Invoke logout handler (
/api/auth/logout)
Additional context
No response
nextjs-auth0 version
2.6.3
Next.js version
13.4.12
Node.js version
18.18.2