This repository has been archived by the owner on Sep 18, 2021. It is now read-only.
Hi,
while implementing PostSignOutAutoRedirect in our IdentityServer setup, we found that setting the delay to 0 (which is also the default value) had the side effect of "short-circuiting" the request to endsessioncallback.
I observe that endsessioncallback is no longer "placeholder for future work" (#1581) and now cleans up cookies.
In the context of #699, @brockallen commented:
> "I don't think we'll allow auto redirects -- the reason is that it's possible that there are iframes being loaded on the page to trigger logouts to other places"
Is such a concern no longer relevant, or is using a redirect (in particular an immediate one) something you should not do unless you really know what you are doing?
Is there a decent way to have the post sign-out autoredirect ("immediately") without trading it for the cookie cleanup?
```csharp
AuthenticationOptions = new AuthenticationOptions
{
    // Other props left out for brevity
    EnablePostSignOutAutoRedirect = true,
    PostSignOutAutoRedirectDelay = 0
},
```
To detect when it's safe to redirect, you'd need JS to know when the embedded iframes are done (and the iframes inside the other iframes, etc). If you want to take a stab at that, then do it and let us know how it goes.
@brockallen Do you have any suggestions on how to write a JS script that waits for redirecting until all iframes are ready? With setting the PostSignOutAutoRedirectDelay property I was never sure that all clients are logged out,
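One way to replace a fixed `PostSignOutAutoRedirectDelay` with a load-driven redirect, as an added example that is not IdentityServer's code and not from any participant in this thread. It assumes a custom logged-out page that is handed the sign-out iframe URLs and an already validated post-logout redirect URL; `signOutThenRedirect`, `env` and its members are hypothetical names.

```javascript
// Added example; signOutThenRedirect, env and its members are hypothetical names.
function signOutThenRedirect(urls, redirectUrl, env, maxWaitMs = 5000) {
  let pending = urls.length;
  let finished = false;
  let timer = null;

  function finish(reason) {
    if (finished) return; // redirect exactly once
    finished = true;
    if (timer !== null) env.clearTimeout(timer);
    env.navigate(redirectUrl, reason);
  }

  if (pending === 0) return finish("no-frames");

  // Upper bound: one unresponsive client must not hold the user here forever.
  timer = env.setTimeout(() => finish("timeout"), maxWaitMs);

  for (const url of urls) {
    const frame = env.createFrame();
    let settled = false;
    const settle = () => {
      if (settled) return; // a frame may fire load more than once
      settled = true;
      pending -= 1;
      if (pending === 0) finish("all-loaded");
    };
    // Listen before setting src so a fast response is not missed.
    frame.addEventListener("load", settle);
    frame.addEventListener("error", settle);
    frame.src = url;
    env.attach(frame);
  }
}

// Browser wiring. "load" only says the frame's document finished loading;
// the page cannot inspect a cross-origin frame to confirm the session is gone.
const browserEnv = typeof document === "undefined" ? null : {
  createFrame: () => Object.assign(document.createElement("iframe"), { hidden: true }),
  attach: (frame) => document.body.appendChild(frame),
  navigate: (url) => window.location.replace(url),
  setTimeout: (fn, ms) => window.setTimeout(fn, ms),
  clearTimeout: (id) => window.clearTimeout(id),
};
```

In a browser the call would be `signOutThenRedirect(iframeUrls, redirectUrl, browserEnv)`; work that a client page starts after its own load event is still not covered, so the timeout ceiling is a policy choice rather than a guarantee.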