Prevent from JSESSIONID being set into cookies


currently we are building a frontend that queries Jira data center(backend) via REST API.

currently we only implement a basic HTTP request.

but we are facing an issue.

assuming a user is created in the Jira backend, when the user is trying to login via our frontend, he’s able to login normally.

but the problem arises when he attempt to logout, and relogin.

We suspect that the sessionid/cookies cannot be verified to authenticate.

ie: when he logouts from the frontend, the sessionid/cookies is cleared from Jira, but not cleared from his browser.

we tested if the user directly logins and logouts from the Jira backend itself, it works ok. Problem only when he tries to login from frontend, logouts, then tries to login again.

Is there any way thing that we miss?

Hope you can help me understand if we did something wrong in the process.