<div dir="ltr">Sounds like you have two separate applications? If so, they&#39;ll have separate cookies, sessions, etc., and would have to be logged out separately. Not quite sure where you&#39;re getting &#39;/logout&#39; from either.<div><br></div><div>To log out, you should use HttpServletRequest.logout, which will redirect to Keycloak to properly do the logout. This will log out the application that the user initiated the logout from, as well as send a backchannel request to other applications to log them out.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On 23 June 2016 at 04:06, Sarp Kaya <span dir="ltr">&lt;<a href="mailto:akaya@expedia.com" target="_blank">akaya@expedia.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">



<div style="word-wrap:break-word;color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif">
<div>According to this code:</div>
<div><a href="https://github.com/keycloak/keycloak/blob/master/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/CookieTokenStore.java#L100" target="_blank">https://github.com/keycloak/keycloak/blob/master/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/CookieTokenStore.java#L100</a></div>
<div><br>
</div>
<div>The cookie is only reset at the place where the logout path is. For instance:</div>
<div><br>
</div>
<div>Applications serve at /foo/app and /bar/app</div>
<div>And logout path is just /logout</div>
<div><br>
</div>
<div>In that case that won’t work because cookiePath for removeCookie would be /logout.</div>
<div><br>
</div>
<div>The problem is the user is still logged in within the period of Access Token Lifespan.</div>
<div><br>
</div>
<div>It doesn’t make sense to have a different logout URL for each application, such as /bar/logout and /foo/logout.</div>
<div><br>
</div>
<div>Is there a way to just keep a single logout which logs out the user for each application?</div>
<div><br>
</div>
<div>Thanks,</div>
<div>Sarp Kaya</div>
</div>

<br>_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br></blockquote></div><br></div>
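The cookie-path behaviour discussed in this thread, as an added example that is not part of the original messages or Keycloak's code: a minimal model of the browser cookie-store rules in RFC 6265, showing that an expiring Set-Cookie only removes an entry whose name, domain and path all match. The cookie name, host and token values are constructed placeholders.

```javascript
// Minimal model of a browser cookie store (RFC 6265, sections 5.1.4 and 5.3).
// "SESSION_COOKIE", "sso.example.test" and the token values are constructed.

class CookieJar {
  constructor() { this.cookies = []; }

  // An existing entry is replaced only when name, domain and path are all
  // identical; an expiry in the past then leaves that entry removed.
  set({ name, value, domain, path, expires }) {
    const same = c => c.name === name && c.domain === domain && c.path === path;
    this.cookies = this.cookies.filter(c => !same(c));
    if (expires === undefined || expires > Date.now()) {
      this.cookies.push({ name, value, domain, path });
    }
  }

  // Cookies the browser would attach to a request for requestPath.
  sentFor(domain, requestPath) {
    return this.cookies
      .filter(c => c.domain === domain && pathMatches(requestPath, c.path))
      .map(c => c.name + "=" + c.value);
  }
}

// RFC 6265 path-match: exact match, or cookiePath is a prefix that ends
// at a "/" boundary of the request path.
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Two applications each hold a cookie scoped to their own path; the logout
// response then sends an already-expired cookie scoped to deletionPath.
function simulate(deletionPath) {
  const jar = new CookieJar();
  const host = "sso.example.test";
  jar.set({ name: "SESSION_COOKIE", value: "token-foo", domain: host, path: "/foo/app" });
  jar.set({ name: "SESSION_COOKIE", value: "token-bar", domain: host, path: "/bar/app" });
  jar.set({ name: "SESSION_COOKIE", value: "", domain: host, path: deletionPath, expires: 0 });
  return {
    foo: jar.sentFor(host, "/foo/app/home"),
    bar: jar.sentFor(host, "/bar/app/home"),
  };
}
```

`simulate("/logout")` leaves both application cookies in place, while `simulate("/foo/app")` clears only the first one, so each path-scoped cookie needs its own matching expiry.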