request is getting authenticated with old cookie value even after logging out from browser and hitting the same request from postman or any other similer app

Sreerag Ss - Vendor 1 Reputation point

i am using azure ad authentication (microsoft login page) and on logout application is getting redirected on the{tanant id}/oauth2/logout?post_logout_redirect_uri={logouturl} and its working perfectly from browser side but if we again hit the old request with old cookie from fidler or some tool then it gets authenticated.

Requesting help here!!

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
17,612 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Alfredo Revilla (MSFT) 25,276 Reputation points Microsoft Employee

    Hello @Sreerag Ss - Vendor , this is expected as Azure AD stores the session information in a session cookie which can last from 24 (non persistent) hours to 90 days (persistent trough the Keep me signed in option).

    Please let me know if you need more help. If the answer was helpful to you, please accept it and, optionally, provide feedback so that other members in the community can benefit from it.

    0 comments No comments