Can't sign out, automatically signs in immediately

Question

Can't sign out, automatically signs in immediately

cutesweetpudding opened this issue a month ago · comments

Checklist

The issue can be reproduced in the nextjs-auth0 sample app (or N/A).
I have looked into the Readme, Examples, and FAQ and have not found a suitable solution or answer.
I have looked into the API documentation and have not found a suitable solution or answer.
I have searched the issues and have not found a suitable solution or answer.
I have searched the Auth0 Community forums and have not found a suitable solution or answer.
I agree to the terms within the Auth0 Code of Conduct.

Description

Everything works fine in local, I implement same way as example app. Just login/logout, however after deploy to azure static web, it fails to signout, always immediately signs back, which extremely annoying. I have tried all solutions online, and wasted 2 days on this issue, still can't figure it out. Attach a screenshot, logout v2 url is called, but session / cookie not cleaned, I even tried to manually clean it, but it adds back immedately.

Reproduction

Just deploy azure static website, I think this is common issue.

Additional context

n/a

nextjs-auth0 version

3.5.0

Next.js version

8.1.0

Node.js version

v20.8.0

Jeroen Minnaert · Answer 1 · Wed May 15 2024 03:34:28 GMT+0800 (China Standard Time)

Same issue over here, not sure what's going on. Tried changing to links as instructed here, but that didn't help. I'm running this on an AWS stack and Cloudfront.

Might be related to #42?

Zack · Answer 2 · Wed May 15 2024 05:48:18 GMT+0800 (China Standard Time)

Same issue here. Using Azure static website.

Jeroen Minnaert · Answer 3 · Thu May 16 2024 01:43:50 GMT+0800 (China Standard Time)

From my part, it looks like this is related to the cache policy in my Cloudfront.

I've deployed using SST and the NextJs construct.

Jeroen Minnaert · Answer 4 · Thu May 16 2024 03:35:41 GMT+0800 (China Standard Time)

I found a fix for this issue in my stack. Since Auth0 uses Cookies for authentication, I had to explicitly set cookieBehavior: CacheCookieBehavior.all() (default it is set to none). Spent a long time looking for this solution, I hope this helps someone else.

Below is the full code:

  const nextJsSite = new NextjsSite(stack, "next-js-site", {
    path: "packages/web",
    cdk: {
      // By default, the cache policy is configured to cache all responses from
      // the server rendering Lambda based on the query-key only. If you're using
      // cookie or header based authentication, you need to override the
      // cache policy to cache based on those values as well.
      serverCachePolicy: new CachePolicy(stack, "ServerCache", {
        queryStringBehavior: CacheQueryStringBehavior.all(),
       // The headers below are set by the SST construct so adding this as well
        headerBehavior: CacheHeaderBehavior.allowList(
          "accept",
          "rsc",
          "next-router-prefetch",
          "next-router-state-tree",
          "next-url",
          "x-prerender-bypass",
          "x-prerender-revalidate",
        ),
        // The line below solved my problem
        cookieBehavior: CacheCookieBehavior.all(),
        defaultTtl: Duration.days(0),
        maxTtl: Duration.days(365),
        minTtl: Duration.days(0),
      }),
    },
  });