How to fix auth/session-cookie-revoked: Firebase session cookie invalidated in Firebase

// Node.js example
try {
  const decodedClaims = await admin.auth().verifySessionCookie(
    sessionCookie,
    true // checkRevoked = true
  );
} catch (error) {
  if (error.code === 'auth/session-cookie-revoked') {
    console.log('Session cookie has been revoked');
    // Handle revoked session
  }
}

// Express.js example
app.post('/sessionLogout', (req, res) => {
  res.clearCookie('session'); // Clear the session cookie
  res.json({ message: 'Session cleared' });
});

# Python Flask example
from flask import make_response

@app.route('/sessionLogout', methods=['POST'])
def session_logout():
    resp = make_response({'message': 'Session cleared'})
    resp.set_cookie('session', '', expires=0)
    return resp

// Client-side redirect
if (error.code === 'auth/session-cookie-revoked') {
  // Clear any client-side state
  localStorage.removeItem('userSession');

  // Redirect to login page
  window.location.href = '/login?session_expired=true';
}

// Server-side redirect (Express)
res.status(401).json({
  error: 'Session revoked',
  redirect: '/login?session_expired=true'
});

// Create new session cookie after login
app.post('/sessionLogin', async (req, res) => {
  const idToken = req.body.idToken;
  const expiresIn = 60 * 60 * 24 * 5 * 1000; // 5 days

  try {
    const sessionCookie = await admin.auth().createSessionCookie(idToken, { expiresIn });

    const options = {
      maxAge: expiresIn,
      httpOnly: true,
      secure: true, // Use in production with HTTPS
      sameSite: 'strict'
    };

    res.cookie('session', sessionCookie, options);
    res.json({ status: 'success' });
  } catch (error) {
    res.status(401).send('Failed to create session cookie');
  }
});

// Without revocation check (faster, less secure)
const decodedClaims = await admin.auth().verifySessionCookie(sessionCookie);

// With revocation check (slower, more secure)
const decodedClaims = await admin.auth().verifySessionCookie(
  sessionCookie,
  true // checkRevoked
);