Logout takes 5 minutes to be effective with OpenID Connect (Azure)

[jergauthier]

I have some web directories on an Apache web server that are protected with mod_auth_openidc (Microsoft Azure). Everything seems to be working great except for the logout. When I send the logged user to the logout link:

https://login.microsoftonline.com/mytenantID/oauth2/logout?post_logout_redirect_uri=https://mywatheverhomepage

it seems to be working and I am redirected to the specified redirect_uri, but if I return to my protected pages I can go right back in without being asked for a new login, unless I close and reopen the browser or wait for about 5 minutes (after 5 minutes a page refresh will ask to login again). Looks like the session is not cleared out until the server refreshes its cache or something like that (and when I say "server", I don't even know whether it's mine or the Microsoft one, but something is clearly keeping the user's session alive for about 5 minutes before flushing it).

I have been searching for hours to figure out how to fix that but could not find anything useful.

There is also the Front-channel logout URL in the Azure console with a warning saying that it's required for the single logout to work properly, but I don't even know what URL I am supposed to put there: I see contradictory answers online about that, some saying that you have to put your own app URL while others say you have to put the Microsoft logout URL, but whatever I try either doesn't change anything or gives me an error message when I logout saying that "the request specified session id but did not specify issuer" (if I put the Microsoft logout URL).

When I started working on that a couple of weeks ago I really didn't expect that the logout would be by far the most difficult and frustrating part of the process. Any help or advice would be greatly appreciated! Thank you!