From d50f01d41fb130e80a33bbd056f66d0c926eb229 Mon Sep 17 00:00:00 2001
From: giles <giles.bradshaw@sigyl.com>
Date: Mon, 23 Feb 2026 11:31:44 +0000
Subject: [PATCH] Logout: redirect through federation sso-logout to clear all
 sessions

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 infrastructure/oauth.py | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/infrastructure/oauth.py b/infrastructure/oauth.py
index 27d0449..6c5dd83 100644
--- a/infrastructure/oauth.py
+++ b/infrastructure/oauth.py
@@ -126,9 +126,7 @@ def create_oauth_blueprint(app_name: str) -> Blueprint:
         qsession.pop(SESSION_USER_KEY, None)
         qsession.pop("cart_sid", None)
         qsession.pop("sso_checked", None)
-        from shared.infrastructure.urls import blog_url
-        resp = redirect(blog_url("/"))
-        resp.delete_cookie("sso_hint", domain=".rose-ash.com", path="/")
-        return resp
+        # Redirect through federation to clear the SSO session too
+        return redirect(federation_url("/auth/sso-logout/"))
 
     return bp