
User16148822500136406721 (Customer) asked a question.
- I am using AWS Amplify, Cognito and OKTA for login and authorization
- I enabled single signout flow in cognito Identity Provider and uploaded certificates in OKTA. This works as expected and I am able to logout of the application with single signout flow
- I configured tokens to be stored in session storage rather than local storage using Amplify
- When I close the browser and re-open the browser and start my app, I am able to login without providing any credentials (This is the issue)
- Technically, session storage data is getting removed when closing the browser but OKTA session remain and it provides access to app without even asking credentials when we reopen the browser and click app again
Requirement is to logout the application on logout button click or browser closure as the system will be shared between the users
I am struck with this issue for past few days and could not able to proceed further. Any help will be appreciated.
Since I am using amplify, I configured cognito identity details usingamplify and did not use any cognito or OKTA npm packages.
Please suggest how to remove OKTA session or cookies from the application or please let know if any of the below steps are possible:
- Is it possible to invalidate OKTA session from Amplify (apart from Auth.signout())
- Is it possible to invalidate or remove OKTA session from cognito
- Any other suggestions are welcome

Hello Sriram.
If Single logout is configured, signing out of the application will sign out of Okta as well, but this cannot be done upon browser closure or system restart. If you really need to close Okta session another way I recommend leveraging Okta's API.
For more information feel free to open a case with us to discuss further.
Thank you,
Baver Deacu
Okta Technical Support Engineer
@baver.deacu1.5626825884606619E12 (Vendor Management) Opened a new question with some detailed analysis
https://support.okta.com/help/s/question/0D54z00006uOo7ICAS/leverage-okta-api-to-clear-user-session