FusionAuth

    Posts made by marcel.beutner

    • RE: fusion auth not changing the value of cookies named with account.at, account.rt after logout

      We are experiencing the exact same issue.

      We also call /oauth2/logout, and FusionAuth appears to log the user out correctly. However, the cookies account.at and account.rt (created by FusionAuth) remain in the browser after logout.
      This means a valid user token is still present even after logging out.

      When the next user logs in, there is a mismatch between the old cookies and the new user, which causes errors in the hosted login pages.

      In our view, this is a critical bug:
      Tokens created by FusionAuth must be cleared during the OAuth2 logout process. If they persist, the logout is not complete and leads to incorrect behavior.

      Is there an official fix or recommended way to force FusionAuth to remove these cookies on logout?

      Thanks
      Marcel

      posted in Q&A
      marcel.beutner