francescodedomenico opened a new issue, #11324: URL: https://github.com/apache/apisix/issues/11324
### Description Hello, I am opening this request to keep track of the https://bugzilla.mozilla.org/show_bug.cgi?id=1900647 I have recently opened. This is relevant for APISIX because it causes the infamous Error 500  We are using the oidc authz plugin with apisix running as confidential client. We have noticed that /logout endpoint in Firefox does not handle the Set-Cookie correctly, resulting into the session cookies still present after the logout. After a new login Apisix tries to refresh a previously closed session resulting in the above mentioned error 500. Note that this happens to us only in Firefox running in normal mode, in private mode the Set-Cookie handler is correctly handled and cookie cache is wiped out. We did try also with Edge and Chrome browser v125+ and cookie cache is correctly wiped out (resulting in no error 500 being returned) We do have the strong feeling that **this is not a apisix bug** therefore I am not marking this as a software issue, however I would ask the community if anyone has been able to replicate this behavior using Firefox and apisix as a confidential oidc client. Thank you! ### Environment - APISIX version (run `apisix version`): 3.9 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
