Clear-site-data Header on Logout anomaly with the browser Google Chrome

Hi,

Hello,

We’ve encountered a challenge with the “Clear-site-data Header on Logout” feature in ForgeRock 7.3, specifically when using the Chrome browser (version 118). I’d like to outline the use case to provide a clear understanding of the issue:

  • User Authentication in Realm X (Application A):
      ◦ The user successfully authenticates into Application A within Realm X.
      ◦ Both application-specific and ForgeRock cookies are set.
  • Automatic Realm Switch to Application B in Realm Y:
      ◦ The user clicks a link redirecting them to Application B in Realm Y.
      ◦ We’ve updated the switch realm.js to seamlessly submit the request without requiring user validation for realm change.
  • Session ID Set and Logout/Authenticate in ForgeRock:
      ◦ Application B sets a session ID to track the request.
      ◦ The user is redirected to ForgeRock for logout in Realm X and authentication in Realm Y.
  • Issue at Redirect Back to Application:
      ◦ Upon returning to the application after the ForgeRock process, all previous cookies (both from Application A and the session ID from Application B) are inexplicably removed in Chrome (version 118).
      ◦ Due to the absence of the session ID from Application B, the application fails to process the request.

Investigation and Findings:

  • The problem appears to be specific to Chrome, version 118.
  • Disabling the “Clear-site-data” feature on the realms resolves the issue.

As a reminder, this is the value set for this header:
Clear-Site-Data: "cache", "cookies", "storage", "executionContexts"

We are seeking clarification (if somebody has it) on why all cookies, including those from Application A, are deleted during this process. Ideally, only ForgeRock cookies should be affected.

For information, we don’t have the same issue with the Firefox browser.
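The cookie-clearing scope behind the behaviour described in this post, modelled as an added example (not ForgeRock or browser code): per the Clear-Site-Data specification, the "cookies" directive removes every cookie under the responding host's registrable domain, so sibling applications on the same parent domain lose their cookies as well. Hostnames and cookie names are constructed, and the registrable-domain rule is simplified to the last two labels.

```python
# Constructed model of the scope of the Clear-Site-Data "cookies" directive.
# Added example, not ForgeRock or browser code. Hostnames and cookie names are
# invented; the registrable-domain rule is simplified to "last two labels"
# (a real browser consults the Public Suffix List).

KNOWN_DIRECTIVES = {"cache", "cookies", "storage", "executionContexts", "*"}
CLEARS_COOKIES = {"cookies", "*"}


def parse_clear_site_data(header_value):
    """Return the set of directives in a Clear-Site-Data header value.

    Directives must be quoted strings; unquoted or unknown tokens are
    ignored, as the specification requires.
    """
    directives = set()
    for token in header_value.split(","):
        token = token.strip()
        if len(token) >= 2 and token[0] == token[-1] == '"':
            name = token[1:-1]
            if name in KNOWN_DIRECTIVES:
                directives.add(name)
    return directives


def registrable_domain(host):
    """Simplified eTLD+1: the last two labels of the host (assumption)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def cookies_cleared(cookie_jar, response_host, header_value):
    """Cookies (name, domain) a compliant browser removes when response_host
    answers over HTTPS with the given Clear-Site-Data value.

    The scope is the registrable domain of the responding host, so cookies
    of every sibling host under that domain are removed, not just its own.
    """
    if not CLEARS_COOKIES & parse_clear_site_data(header_value):
        return []
    site = registrable_domain(response_host)
    return [c for c in cookie_jar
            if registrable_domain(c[1].lstrip(".")) == site]


# Constructed cookie jar: App A, App B and the SSO host all share example.com
JAR = [
    ("appA_session", "app-a.example.com"),
    ("appB_request_id", "app-b.example.com"),
    ("am_session", "am.example.com"),      # constructed SSO cookie name
    ("unrelated", "other-site.test"),      # different registrable domain
]
AM_HEADER = '"cache", "cookies", "storage", "executionContexts"'

if __name__ == "__main__":
    for name, domain in cookies_cleared(JAR, "am.example.com", AM_HEADER):
        print(f"cleared: {name} ({domain})")
```

Only the cookie on a different registrable domain survives; hosting the applications on a registrable domain distinct from the SSO host, or omitting the "cookies" directive, keeps their cookies outside the clearing scope.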

Hello @jalil,

Thanks for reaching out to the Community.

The problem you have thoroughly described has been documented by ForgeRock in the form of an RFE (Request for Enhancement) titled Clear-Site-Data has many unintended impact and one should have option to choose the level of clearing.

Review the contents of this RFE here:
https://backstage.forgerock.com/support/issues/OPENAM-21282

You can click on the Watch for updates button within this RFE to follow the status of the work around this issue.

Warm Regards,
Ed


Hi @edward.johnson

Thank you very much for your response and the RFE link.

I will follow up the status.

Best regards,
Jalil
