Is there any way we can clear the cookie `JSESSION...
# suitecommerce
v
Is there any way we can clear the cookie `JSESSIONID` for a SuiteCommerce webstore? It’s an HttpOnly cookie so it cannot be cleared at the client side.
s
Write JS to remove it? What have you tried already?
And why do you want to remove the user's session cookie? That seems like a bad idea.
v
Since it’s an HttpOnly cookie, I’m not able to remove it via JS.
I understand that it’s not a good idea to remove this particular cookie, but we’re facing an issue with an SSO Implementation (NetSuite as OIDC) that we are trying to do via SuiteCommerce. We tried a bunch of ways to resolve the issue but it seems like clearing this particular cookie might fix it for us.
a
Random idea: What if you find out the request that is sent when you click the Log Out button, and then send the same request, or just programmatically click the logout? Would that do what you want?
v
Thanks for the response @Aaron McCausland. I tried that already - triggered the logout link to see if that clears the cookie, but apparently that does not help. As of now, only if I manually delete the cookie from the browser, the SSO flow works correctly.
a
Is this something meant to sign in as an entity stored in NetSuite, or to use NetSuite as a way to sign into something else?
v
This is Outbound SSO, meaning NetSuite/SuiteCommerce (IdP) is being used for signing into an external application.
a
Hmmm. I have no experience or knowledge on that subject, but I wonder if it would help (random possibly useless idea #2) if the outbound SSO was done via a request to a separate restlet or something like that. Maybe separating it like that would keep the cookie from carrying through to the process run by the restlet.
v
Unfortunately, to begin with, it needs a standard login form to authenticate the user. Hence the very first step leads the user to the SC login form. We can make use of RESTlets in the flow, but after the user has been authenticated, so using a RESTlet for the first step would not work. Regardless, I really appreciate you sharing all these ideas @Aaron McCausland!
a
Hopefully you don't have to create your own authentication system, but I believe that's a possible worst-case scenario approach that would take a lot of time and effort to get right.