
How to clear or refresh Microsoft specific cookies programmatically?

Anonymous
2025-06-09T13:19:08+00:00

We have implemented SSO using Microsoft as the identity provider. Now what happens is that when a user logs in using SSO for the first time, he will be asked to enter the Microsoft credentials, and then Microsoft will store the cookies. So the next time a user uses SSO login on my app, it won't ask for Microsoft credentials. So I want to clear or refresh Microsoft-specific cookies in the browser after some time (i.e. once a week) so that the next time I do SSO login in my app, it should ask for Microsoft credentials. I know of manual steps, like the user going to the browser settings and clearing the cookies, but I want a programmatic solution so that I can do it from my app. Is there any way to do this?

Microsoft Edge | Website issues | Windows 11

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.


4 answers

  1. Anonymous
    2025-06-13T14:44:13+00:00

    Hi,

    This is my second follow-up regarding your issue. We would like to know if the issue you have raised to us is still ongoing. If yes, please reply to the thread so we can continue troubleshooting your concern.

    Thank you.

    Regards,

    Fordy B.

    Microsoft Moderator

  2. Anonymous
    2025-06-11T15:47:45+00:00

    Hi,

    We have noticed that you have not replied to our last response. We would like to know if the issue you have raised to us is still ongoing. If yes, please reply to the thread so we can continue troubleshooting your concern.

    Regards,

    Fordy B.

    Microsoft Moderator

  3. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.



  4. Anonymous
    2025-06-09T18:10:47+00:00

    Hello,

    Welcome to the Microsoft Community Forum. Please accept our warmest regards and sincerest hope that all is well despite the situation you find yourself in.

    I see what you're trying to achieve, and it makes sense—you want to ensure that users are prompted to enter their Microsoft credentials periodically instead of relying on stored cookies. While browsers don’t allow direct manipulation of cookies from a third-party app for security reasons, there are a few approaches you can take to achieve this programmatically.

    Possible Solutions:

    1. Use Microsoft Authentication Session Controls

    Microsoft Entra ID (formerly Azure AD) provides session management settings that allow you to control how long authentication sessions last. You can configure:

    • Sign-in frequency: Forces users to reauthenticate after a set time.
    • Persistent vs. non-persistent sessions: Prevents long-lived cookies.

    To configure this:

    1. Go to Microsoft Entra Admin Center (entra.microsoft.com).
    2. Navigate to Protection > Conditional Access.
    3. Create a new policy and set Sign-in frequency to 1 week (or your preferred duration).
    4. Apply this policy to your users.

    This ensures that Microsoft prompts users for credentials periodically without needing to clear cookies manually.

    2. Use prompt=login in OAuth Authorization Request

    When initiating the SSO login, modify the authentication request to force reauthentication:

    https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?client_id={client_id}&response_type=code&redirect_uri={redirect_uri}&scope={scopes}&prompt=login

    3. Clearing Cookies via JavaScript (Limited Control)

    If your app runs in a browser, you can attempt to clear Microsoft-specific cookies using JavaScript:

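    // document.cookie lists only the "name=value" pairs visible to this page's
    // origin; it carries no domain attribute and omits HttpOnly cookies.
    document.cookie.split(";").forEach((cookie) => {
      if (cookie.includes("login.microsoftonline.com")) {
        // Expire the cookie by name; its old value is not needed.
        const name = cookie.split("=")[0].trim();
        document.cookie = name + "=; expires=Thu, 01 Jan 1970 00:00:00 UTC; path=/;";
      }
    });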

    However, this approach is limited because:

    • Browsers restrict clearing third-party cookies due to security policies.
    • Microsoft authentication cookies are often HttpOnly, meaning JavaScript cannot access them.

    4. Using Browser Extensions or Custom Scripts

    If your users are using a controlled environment (e.g., corporate-managed devices), you could deploy a browser extension or script that clears cookies periodically.

    5. Logout and Revoke Tokens

    You can explicitly log users out and revoke their session:

    https://login.microsoftonline.com/{tenant}/oauth2/v2.0/logout

    This ensures that the next login requires authentication.

    Hope this helps.

    Best Regards,

    Fordy B.

    Microsoft Community Moderator

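An added example (not part of the answer above and not Microsoft's code) of the weekly re-authentication the question asks for, built on the `prompt=login` request from solution 2: the app decides when a fresh sign-in is due, and after the callback it checks the ID token's `auth_time`, because a user can strip `prompt=login` from the URL. It assumes the ID token carries the OIDC `auth_time` claim and has already been signature-validated; the function names, tenant, client ID and redirect URI are hypothetical placeholders.

```javascript
// Added example: all names and sample values are constructed placeholders.
const WEEK_SECONDS = 7 * 24 * 60 * 60;

// True when the last interactive sign-in is unknown or at least maxAge old.
// lastAuthTime and now are Unix timestamps in seconds.
function reauthDue(lastAuthTime, now, maxAge = WEEK_SECONDS) {
  return typeof lastAuthTime !== "number" || now - lastAuthTime >= maxAge;
}

// Build the authorize URL shown in the answer; prompt=login is added only
// when a fresh credential prompt is due.
function buildAuthorizeUrl(cfg, forceLogin) {
  const url = new URL(
    "https://login.microsoftonline.com/" +
      encodeURIComponent(cfg.tenant) + "/oauth2/v2.0/authorize"
  );
  url.searchParams.set("client_id", cfg.clientId);
  url.searchParams.set("response_type", "code");
  url.searchParams.set("redirect_uri", cfg.redirectUri);
  url.searchParams.set("scope", cfg.scopes.join(" "));
  url.searchParams.set("state", cfg.state); // CSRF binding for the callback
  if (forceLogin) url.searchParams.set("prompt", "login");
  return url.toString();
}

// Server-side check after the callback. The authorize URL passes through the
// browser, so prompt=login is only a request. Accept the session as freshly
// authenticated only if auth_time (assumed present in the validated ID token)
// is not older than the moment the request was sent, minus clock skew.
function freshLoginConfirmed(claims, requestSentAt, skewSeconds = 300) {
  return Number.isInteger(claims.auth_time) &&
    claims.auth_time >= requestSentAt - skewSeconds;
}

// Constructed sample configuration.
const sampleCfg = {
  tenant: "contoso.example",
  clientId: "00000000-0000-0000-0000-000000000000",
  redirectUri: "https://app.example/callback",
  scopes: ["openid", "profile"],
  state: "constructed-random-state",
};
```

When `freshLoginConfirmed` returns false for a request that was sent with `prompt=login`, the app should reject the session and restart the sign-in rather than trust the existing Microsoft session.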