I have been working on a project that integrates spring-cloud-based microservices and MVC applications with SSO. Currently, I use spring-session for the session repository service. My current application's login component contains an authentication server to create a session in the backend, and a frontend client calling such a login service; it works fine. But when I log out from other applications, my current strategy is to redirect to the logout page of this login component and then send an ajax call to the backend service to set the session stored in the session repository to expire. This approach works only if the user is successfully redirected to the login component to log out.
I thought about calling the logout service directly from the other applications instead of redirecting all logout requests to the login component, but the downside would be that, for all my other applications, I would need to implement the logout service.
What would be the general strategies to guarantee that the user session is logged out in an SSO environment, and that could minimize creating a duplicated logout service for each application?