Request is getting authenticated with old cookie value even after logging out from browser and hitting the same request from Postman or any other similar app

Sreerag Ss - Vendor 1 Reputation point
2020-12-04T14:30:36.857+00:00

I am using Azure AD authentication (Microsoft login page), and on logout the application is redirected to login.microsoftonline.com/{tenant id}/oauth2/logout?post_logout_redirect_uri={logouturl}, and it works perfectly from the browser side, but if we hit the old request again with the old cookie from Fiddler or some other tool, then it gets authenticated.

Requesting help here!!


  1. 2020-12-04T18:21:54.397+00:00

    Hello @Sreerag Ss - Vendor, this is expected, as Azure AD stores the session information in a session cookie which can last from 24 hours (non-persistent) to 90 days (persistent through the Keep me signed in option).

    Please let me know if you need more help. If the answer was helpful to you, please accept it and, optionally, provide feedback so that other members in the community can benefit from it.

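The replay behaviour discussed in this thread, as an added illustration that is not part of the original question or answer: a self-contained signed cookie keeps validating after logout unless the server records the logout and checks it on every request. It assumes a cookie carrying a session id and an expiry; the key, cookie format and all function names are hypothetical and do not describe Azure AD's or any framework's actual cookie.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # constructed sample key, not a real secret
REVOKED = set()                   # server-side record of logged-out session ids

def issue_cookie(user, sid, ttl=3600, now=None):
    """Return a signed, self-contained cookie: base64(payload).hex(hmac)."""
    now = time.time() if now is None else now
    payload = json.dumps({"user": user, "sid": sid, "exp": now + ttl}).encode()
    body = base64.urlsafe_b64encode(payload).decode()
    sig = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{sig}"

def _verify(cookie, now):
    """Check signature and expiry only; return the claims or None."""
    body, _, sig = cookie.rpartition(".")
    expected = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return None
    claims = json.loads(base64.urlsafe_b64decode(body))
    return claims if claims["exp"] > now else None

def authenticate_stateless(cookie, now=None):
    """Weak: trusts any unexpired, correctly signed cookie, so a copy
    saved before logout is still accepted afterwards."""
    return _verify(cookie, time.time() if now is None else now)

def authenticate_with_revocation(cookie, now=None):
    """Hardened: also rejects cookies whose session id was logged out."""
    claims = _verify(cookie, time.time() if now is None else now)
    if claims is None or claims["sid"] in REVOKED:
        return None
    return claims

def logout(cookie):
    """Server-side logout: record the session id so replays fail.
    now=0 lets an already expired cookie still be revoked."""
    claims = _verify(cookie, 0)
    if claims:
        REVOKED.add(claims["sid"])

if __name__ == "__main__":
    c = issue_cookie("alice", "sid-1")
    logout(c)
    print("stateless check after logout:", authenticate_stateless(c))
    print("revocation check after logout:", authenticate_with_revocation(c))
```

In a real deployment the revocation record would live in a shared store and entries could be dropped once the cookie's own expiry has passed.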