Hi there, I'm working on the same project. And since this forum post, the error did not occur again for about a month and has recently occurred 3 times in the last week.
The instance is a fusionauth instance.
(auth.*.ch is a CNAME (alias) for bnjmvfriojf0pzpzhtmmz6xf2sgl6b.durable.fusionauth.io)

The access where the error occurs was via browser (firefox to be exact if sentry is to be believed).

There are no recent changes to the CORS config.

For most of our users this does not seem to be an issue. It happens very isolated for a handful of users.

@Alex-Patterson said in Node Version Compatibility:

@max-0 our SDK package.json can be found here https://github.com/FusionAuth/fusionauth-typescript-client/blob/master/package.json

In reality, we don't impose any limitations on a client, if something doesn't work well with your setup you can always exit from the SDK strategy and call the API's directly.

Thanks for the clarification! Good to know we can always call the APIs directly if needed.

We are experiencing the exact same issue.

We also call /oauth2/logout, and FusionAuth appears to log the user out correctly. However, the cookies account.at and account.rt (created by FusionAuth) remain in the browser after logout.
This means a valid user token is still present even after logging out.

When the next user logs in, there is a mismatch between the old cookies and the new user, which causes errors in the hosted login pages.

In our view, this is a critical bug:
Tokens created by FusionAuth must be cleared during the OAuth2 logout process. If they persist, the logout is not complete and leads to incorrect behavior.

Is there an official fix or recommended way to force FusionAuth to remove these cookies on logout?

Thanks
Marcel