I have 2 .NET Framework MVC5 apps that uses Cookie Auth and a Keycloak SSO server. I logged in to the SSO Server from both of the apps. If I logout from one of the apps, should I just remove the cookie or logout from SSO server altogether. If I do logout from SSO server, how can I notify the other app that the session is terminated, and it should try to log in again. Thank you
I tried to use back-channel logout with no success, probably done something wrong. I can just remove the cookie if I log out from one of the apps but I don't know which is the best practice for SSO servers.