checkSession never asks for login

I’m using 8.10.1 Auth0.js library; calling the checkSession (Auth0.js v9 Reference) to refresh ID token when it expires. I was under impression that when SSO session expires this call will return login_required but it never happens. Even when I set SSO session to 1 minute and ID token to 30 second I am able to get new tokens indefinitely and I never receive login_required.

Am I doing something wrong?

I could not reproduce the situation you describe and the response I obtained after session expired was login_required as expected.

Here’s the steps I did:

  1. Set the SSO Cookie Timeout to one minute.
  2. Opened a browser window in incognito in order to ensure no previous session would be reused.
  3. Performed the authentication flow to establish a session.
  4. Immediately performed a checkSession call to ensure it worked when the session is available.
  5. Waited for the session to expire; I likely waited around one minute and half to two minutes.
  6. Performed a checkSession call (which failed with login_required).

Have in mind that the lifetime of the issued ID token is not relevant for this situation.