I have a question about the behavior of the state parameter in the Auth0 login URL. It seems this parameter has a time limit, after which Auth0 appears to lose the associated redirect URL. When this happens, users are redirected to the default landing page of our application instead of the intended redirect URL after a successful login.
This issue occurs with one of our customers who automatically reboot their PCs nightly. When they log in the following morning, they are redirected to the general application URL rather than the expected destination.
We’ve noticed that the problem arises if the login page remains open for an extended period (e.g., 1–2 hours) before completing the login process. However, if the login flow is completed without such a delay, everything works as expected.
Could you provide guidance on whether this behavior is expected? Is there a way to extend the lifespan of the state parameter or ensure the redirect URL is preserved regardless of delays at the login page?
Thank you for your question. The behavior you observe is expected, as the state parameter has a limited lifetime due to security reasons. Unfortunately, it’s not possible to modify the length or size format of the parameter.