Logout Service API Returns 200 but User Session Remains Active

Hi Team,

I have implemented a logout service method which is being called from a component wherever logout functionality is required. However, despite receiving a 200 response from the API, the logout process is not functioning as expected — the user session remains active.

Below is the code for your reference:


Logout Service Method:

  async userLogout() {
    const response = await this.fetchClient.fetch('/user/logout', {
      method: 'POST',
      headers: {
        'Content-Type': 'application/json',
        'Accept': 'application/json'
      },
      body: JSON.stringify({}),
    });
    return response.json();
  }

Component Integration:

  this.authService.updateMobileNumber({ phone: phone.number, oid: this.oidNumber })
  .then(response => {
    console.log('Update successful:', response);

    return this.authService.updateUserSettingMobileNumber({ phone: phone.number });
  })
  .then(resp => {
    console.log('User setting updated successfully');

    this.alertService.success('Mobile number updated successfully');
    this.mobileNumber = phone.number;
    this.bsModalRef.hide();
    this.authService.userLogout();
  })
  .catch(error => {
    console.error('Failed to update mobile number or user setting:', error);
    this.alertService.danger('Failed to update mobile number. Please try again.');
  });

Although the logout API is being hit and returns a 200 OK status, the session is not actually terminated. Please advise if there is any additional step required (such as clearing cookies or redirecting to a login page) to complete the logout process effectively.

Let me know if you need further information.

Best regards,

Rahul

Hi @rmishra1,

What do you mean by session is not actually terminated and what do you expect to happen?

In case you’ve been logged in via cookie auth, the cookies should have been deleted after the call to /user/logout. Is this not the case? Are you still able to perform requests against the API that require you to be logged in?

Depending on the Web SDK version you are using, we offer a logout method as part of the SimplifiedAuthService (Web SDK documentation >=1022) or the LoginService (Web SDK documentation <1022).

We usually do a page reload after logout to ensure all user data is actually removed from application state and the user ends up on the login page again.

Regards,
Tristan
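
One way to run the check Tristan asks about (do authenticated requests still succeed after `/user/logout`?) before doing the reload he mentions. This is an added example, not code from either poster or from the Web SDK; `logoutAndVerify`, `fakeBackend`, `demo` and `PROBE_PATH` are hypothetical names, cookie auth is assumed, and the backend is a constructed stand-in.

```javascript
// Added example. Assumes cookie-based auth; PROBE_PATH is a placeholder for
// any endpoint in your application that only answers for a logged-in user.
const PROBE_PATH = '/your/authenticated/endpoint';

async function logoutAndVerify(fetchFn, { probePath = PROBE_PATH, onLoggedOut = () => {} } = {}) {
  // 1. Ask the server to end the session ('include' sends the session cookie).
  const logoutRes = await fetchFn('/user/logout', {
    method: 'POST',
    credentials: 'include',
    headers: { 'Content-Type': 'application/json', Accept: 'application/json' },
    body: JSON.stringify({}),
  });
  if (!logoutRes.ok) {
    return { loggedOut: false, reason: `logout returned ${logoutRes.status}` };
  }
  // 2. A 200 from logout proves nothing by itself: replay an authenticated
  //    request and require the server to reject it.
  const probeRes = await fetchFn(probePath, { credentials: 'include', cache: 'no-store' });
  if (probeRes.status !== 401 && probeRes.status !== 403) {
    return { loggedOut: false, reason: `probe still returned ${probeRes.status}` };
  }
  // 3. Only now drop client state (in a browser: () => window.location.reload()).
  onLoggedOut();
  return { loggedOut: true, reason: `probe rejected with ${probeRes.status}` };
}

// Constructed stand-in for a backend so the example runs offline.
function fakeBackend({ logoutClearsSession }) {
  let sessionActive = true;
  return async (path) => {
    if (path === '/user/logout') {
      if (logoutClearsSession) sessionActive = false;
      return { ok: true, status: 200 };
    }
    return sessionActive ? { ok: true, status: 200 } : { ok: false, status: 401 };
  };
}

async function demo() {
  const results = [];
  for (const logoutClearsSession of [true, false]) {
    results.push(await logoutAndVerify(fakeBackend({ logoutClearsSession })));
  }
  return results;
}
demo().then((results) => console.log(results));
```

In the component, the call would be returned from the promise chain so that a failed verification reaches the existing `.catch`.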