🐛 client.signOut() does nothing if the user is not logged in, leaving them stuck

[paulfalgout]

Summary

Calling client.signOut({ returnTo }) succeeds when a user is logged in, but if no session exists the method does nothing and the user stays on the /logout page (or wherever url they were). This creates a confusing UX because visiting /logout should always redirect the user away, regardless of session state.

Expected Behavior

client.signOut() should redirect to the provided returnTo URL even when there is no active session.
Alternatively, the method should throw or return a clear signal that no session exists so applications can handle the redirect manually.

Actual Behavior

If there is no WorkOS session cookie:

• signOut() performs no redirect
• No error is thrown
• The user remains on the /logout route

This occurs if a user clears cookies, opens an old tab, has an expired session, or visits /logout directly.

Steps to Reproduce

1. Ensure no WorkOS session cookie exists (incognito window).
2. Call:

   client.signOut({ returnTo: 'https://example.com/logged-out' });

3. Observe that no redirect happens.

$$ Possible Solutions

• Always redirect to returnTo, even without a session.
• Or throw a clear error

[nicknisi]

Yeah, that's not a great state to be in. What do you think about this:

• When no session but a returnTo is provided, navigate directly to that.
• When no session and no returnTo, throw a NoSessionError.

This would make the possible scenarios change in the following ways:

Scenario	Current	Proposed
Session exists	Works as expected	No change
No session + returnTo + navigate: true	Does nothing	Redirects to returnTo
No session + returnTo + navigate: false	Resolves silently	Resolves silently (no fetch needed)
No session + no returnTo	Does nothing	throws NewSessionError

[paulfalgout]

sounds great