We have configured azure ad b2c single logout functionality and added a logout url to an application. When we sign into this application, and sign in to a second application, then logout from the second application, Azure AD B2C succesfully sends a GET request to the logout url we have configured which is great.
Our issue is how to associate the logout request received to the users session. The logout request contains the following:
curl -X 'GET' '<logout url>' -H 'connection: close' -H 'cookie: XSRF-TOKEN=<token value>; laravel_session=fpgtPB1hoJzMa15SAIE7kboQ10EEcwh1NObe6puV; _ga=GA1.2.1910264866.1606692692; _gid=GA1.2.1622950309.1606692692; io=qO1MfnLd5iFi9MZIhDwU' -H 'accept-language: en-US,en;q=0.9' -H 'accept-encoding: gzip, deflate, br' -H 'referer: <our domain>' -H 'sec-fetch-dest: document' -H 'sec-fetch-user: ?1' -H 'sec-fetch-mode: navigate' -H 'sec-fetch-site: same-origin' -H 'accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9' -H ' -H 'upgrade-insecure-requests: 1' -H 'host: <Your host>' -H 'content-length: ' -H 'content-type:
How do we identify the user session within the application to complete the logout?
