Auth0 not maintaining session in normal browser window

I was following this example:
https://auth0.com/docs/quickstart/spa/react/01-login

The authentication works ok with my app but sessions are not maintained throughout different tabs in the same browser window. (not incognito). So it prompts the user to login again. Is there a way to remove this behaviour?
Looking at other comments and post here in the community, this should not be the default behaviour. Correct?

Hi @b.kisfali,

This is likely because you need to call the checkSession() method to verify the user is authenticated.

This thread should have your answers:

Please let us know if this works for you.

Thanks,
Dan

Hi @dan.woda,
I went through that thread and the blog. I believe that this can be the solution, however I am not sure where to implement setSession() and silentAuth() methods as I am using the new React hook version of Auth0 wrapper. …I could also see in my react-auth0-wrapper.js file that there is a function called getTokenSilently. So probably I do not need to implement those two functions but use getTokenSilently instead?
If yes, where and how should I implement it?

Or it is already implemented in the Auth0Context.Provider?

    <Auth0Context.Provider
  value={{
    isAuthenticated,
    user,
    loading,
    popupOpen,
    loginWithPopup,
    handleRedirectCallback,
    setSession,
    silentAuth,
    getIdTokenClaims: (...p) => auth0Client.getIdTokenClaims(...p),
    loginWithRedirect: (...p) => auth0Client.loginWithRedirect(...p),
    getTokenSilently: (...p) => auth0Client.getTokenSilently(...p),
    getTokenWithPopup: (...p) => auth0Client.getTokenWithPopup(...p),
    logout: (...p) => auth0Client.logout(...p)
  }}
>
  {children}
</Auth0Context.Provider>

If yes, then I probably still have the issue, as it is maybe not functioning.

Sorry for the delay in response on this. Are you still having trouble? It looks like the silentAuth method is there like you stated, but it doesn’t look like it is being called in the repo you linked.

It does look like it is used in the API example of that project:

Does that help?

Thanks,
Dan

Hi @dan.woda,
It seems it works ok and it happened “magically” …not exactly, but when I was testing the solution, my auth flow, I always used a social provider Google to authenticate myself. And I was always propmted to login again. But then, just by chance, I used another login method with email and password. Then the session was stored properly.
So when I was reading this https://auth0.com/blog/react-tutorial-building-and-securing-your-first-app/article I found that sentence which helped me.

Blockquote
You might not have noticed but, even though you didn’t configure anything related to Google in your Auth0 account, the social login button is there and works just fine. The only reason this feature works out of the box is because Auth0 auto-configure all new accounts to use development keys registered at Google. However, when developers start using Auth0 more seriously, they are expected to replace these keys with their own. And, to force this, every time an app tries to perform a silent authentication, and that app is still using the development keys, Auth0 returns that there is no session active (even though this is not true).

So I haven’t re-factor anything and it seems working. But I do not know if the silentAuth() is called from somewhere or just works out-of-the-box of the react-auth0-wrapper.js?

Hi @dan.woda,
I’m sorry, my previous comment is not really correct, it was a particular case it worked.
So, is there a place in a React app where I can implement this approach as you suggested above? Otherwise, it would be cumbersome to implement it to the many routes in the app.

Hey @b.kisfali,

Im going to reach out to try and get some confirmation on this, as I am not an expert on the React implementation. I think you would do this in the privateRoute component as this is the wrapper for any protected route. It is mentioned here:

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.