I am attempting to logout of a cognito + ALB setup by expiring the two ALB cookies and then redirecting to the Cognito logout endpoint. This works the first time I try to use it, however on subsequent logout attempts it will only do the redirect and will no longer expire the cookies, is there any reason for this to be occuring? Additionally is there some better way to expire these http-only cookies rather then setting them like this?
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: cognito-alb-logout
namespace: kubeflow
spec:
gateways:
- kubeflow-gateway
hosts:
- '*'
http:
- match:
- uri:
prefix: /logout
redirect:
authority: "PLACEHOLDER_DOMAIN"
headers:
response:
add:
Set-Cookie: "AWSELBAuthSessionCookie-1=deleted;path=/;expires=Thu 02 Jan 1970 00:00:00 GMT"
set:
Set-Cookie: "AWSELBAuthSessionCookie-0=deleted;path=/;expires=Thu 02 Jan 1970 00:00:00 GMT"
location: "https://<COGNITO>/logout?client_id=1234567891012&logout_uri=https://<PLACEHOLDER>"