Log out of Custom Experience Builder Application

11-01-2020 01:30 PM
Esri Contributor

Hi All

I'm building a custom app using experience builder one of the requirements is that a user should be able to log out of the application. I'm struggling however to work out how to do this.

I see there is a session manger, and I have tried calling signOut on that, but if I refresh my page again I am still logged in, I have also tried destroying the exb_auth cookie manually and trying to invalidate the token.

Any guidance on this would be greatly appreciated.


0 Kudos
4 Replies
Occasional Contributor III

I think call `SessionManager.getInstance().singOut()` should work, can you try the latest version (1.2)?

0 Kudos
Esri Contributor

Thanks for the update, I ended up using the esriId.destroyCredentials(). Out of interest though, if we wanted to create a custom login screen how would we go about doing that? Should we be using the session manager? I've just noticed that if I use esriId, then it will login and I can then change the page, but then when it tries to load a webmap it prompts for login again, so I'm thinking that the token I have created with esirId is outside the Experience Builder system. 

So I'm thinking that session manager is the way to go? Would that be correct?

0 Kudos
Occasional Contributor III


I do not find any developer samples for SessionManager. Would like to implement silent Sign-in (user shouldn't get sign-in popup) for Webmap with the secured layers, any advise on how this can be implemented using SessionManager or any other possible way please.

Thank you.

New Contributor II

Found this problem as well, my main issue was that my client wanted to force the client to log back in without throwing them back to the AGOL/Portal sign in page.
What I found to work, instead of using just:


Which throws you out completely, you can clear the sessions, localStorage and sessionStorage.

// or if you use localStorage and want to just replace the EB Auth info


After that you can refresh the page and the user will be forced to sign back in,
I also tried but unfortunately failed to simply de-authorize the current userSession or to force it to refresh with a new token that will expire when you want it to.

0 Kudos