<@U04UQ68083H> why could it be that the sid is mis...
# ory-copilot
b
@chilly-king-10285 why could it be that the sid is missing on logout?
c
A message from kapa.ai
The `sid` (session ID) could be missing on logout due to a few reasons:

1. Strict Browser Privacy Policy: If you are using a browser with a very strict privacy policy, it might make it difficult or impossible for Ory to properly set cookies. For instance, the Brave Browser has been observed to cause issues in this regard.
2. Remember Parameter: If you didn't set `remember: true` when accepting the login request, it could lead to a missing active authentication session.
3. Missing Cookie: Before filing a bug report, ensure you have a cookie named `oauth2_authentication_session` for the URL Ory OAuth2 & OpenID Connect is running on, and for the domain that's in your `http://.../oauth2/sessions/logout`.

Please note that even if the `sid` is missing, if the `id_token_hint` is set, Ory knows who the user to be logged out is and if any Front-/Back-channel Logout is configured for that client, it will be executed even if there is no valid authentication session for that user in Ory. For more details, please refer to the [Ory documentation](https://www.ory.sh/docs/hydra/debug/logout).
b
@chilly-king-10285 the sid in id_token got lost after call to an oauth2 token hook
c
A message from kapa.ai
The `sid` (session ID) could be missing in the `id_token` after a call to an OAuth2 token hook due to a few reasons:

1. Webhook Failure: If a webhook for `refresh_token` grant type fails with a non-graceful result, the refresh flow will fail and the supplied `refresh_token` will remain unused. This could potentially affect the `sid` in the `id_token`.
2. Token Subject Override: Tokens issued by Ory to the OAuth2 client will contain the data from your webhook response. However, you cannot override the token subject. If you're trying to do so, it might affect the `sid`.
3. Legacy Webhook Implementation: If you're using the old version of the webhook feature built specifically for the `refresh_token` grant type, it's worth noting that this mechanism is deprecated and no longer supported. This could potentially affect the `sid` in the `id_token`.

For more details, please refer to the [Ory documentation](https://www.ory.sh/docs/hydra/guides/claims-at-refresh#updated-tokens).