Yes unfortunately it's a nuke 'em all approach, but alternatively the client could monitor the presence of the __session cookie and log the user out client side on each subdomain if it's missing.
Updated the last step to show how to revoke a user's authentication across all devices or just the current device.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Yes unfortunately it's a nuke 'em all approach, but alternatively the client could monitor the presence of the
__session
cookie and log the user out client side on each subdomain if it's missing.Updated the last step to show how to revoke a user's authentication across all devices or just the current device.