The behaviour on page refresh (localhost) changed a few days ago.
Usually Auth0 remembers that I was logged in and I could redirect to the site where I did the page refresh.
Now I am redirected to an Auth0 site where I should confirm that I allow the user to enter this app. After I click on “Annehmen” I am redirected to my app, but I have lost the original URL that I could use for a redirect.
What has changed in the last few days?
Hi @vanheek
Welcome back to the Auth0 Community!
The behavior changed because your web browser recently received an update that strictly blocks third-party cookies. This breaks Auth0’s ability to silently restore your session in the background on localhost. Because the silent restore fails, your app is forcing a full interactive login. The consent screen (with the “Annehmen” button) appears because Auth0 has a strict, hardcoded security rule: applications running on localhost are never allowed to silently skip user consent.
[Solution]:
To fix this and restore your seamless page refresh behavior, you need to transition away from relying on third-party cookies. The best way to do this is by enabling Refresh Token Rotation.
- Go to your Auth0 Dashboard > Applications > Applications.
- Select your Application.
- Scroll down to the Refresh Token Rotation toggle and turn it on.
- Save the changes.
In your frontend code, update your Auth0 initialization configuration to use refresh tokens and store them in local storage. This allows the token to survive page refreshes without needing the iframe or third-party cookies. If you need help with the specifics, let me know.
Once you make this change, log in once interactively. After that, you can refresh the page as much as you want, and your session will be restored instantly from local storage.
Kind Regards,
Nik
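
The front-end configuration described in the answer above, as an added example that is not part of the original posts or Auth0's own code. It assumes the `@auth0/auth0-spa-js` SDK (the thread does not name one); `buildAuth0Options`, `safeReturnTo` and `restoreSession` are hypothetical helper names, and the domain and client ID are supplied by the caller. It also carries the pre-login URL through `appState` and accepts only a same-origin path when the user comes back.

```javascript
// Added example. Assumes @auth0/auth0-spa-js; helper names are hypothetical.

// Options for createAuth0Client(): refresh tokens instead of the hidden iframe.
function buildAuth0Options(domain, clientId, origin) {
  return {
    domain,
    clientId,
    useRefreshTokens: true,
    // Survives a page refresh, but is readable by any script running on the origin.
    cacheLocation: 'localstorage',
    authorizationParams: { redirect_uri: origin },
  };
}

// Accept only a same-origin path as the post-login target; anything else becomes '/'.
// Parsing with URL (not string checks alone) catches '//host' and '/\host' forms.
function safeReturnTo(candidate, origin) {
  if (typeof candidate !== 'string' || !candidate.startsWith('/')) return '/';
  let url;
  try {
    url = new URL(candidate, origin);
  } catch {
    return '/';
  }
  if (url.origin !== origin) return '/';
  return url.pathname + url.search + url.hash;
}

// Wiring: `sdk` is the imported SDK module, `win` is the browser window object.
async function restoreSession(sdk, win, domain, clientId) {
  const origin = win.location.origin;
  const client = await sdk.createAuth0Client(buildAuth0Options(domain, clientId, origin));
  const query = win.location.search;
  if (query.includes('code=') && query.includes('state=')) {
    // Returning from Auth0: recover the URL saved before the redirect.
    const { appState } = await client.handleRedirectCallback();
    win.history.replaceState({}, '', safeReturnTo(appState && appState.returnTo, origin));
  } else if (!(await client.isAuthenticated())) {
    // No cached session: remember where the user was, then log in interactively.
    const here = win.location.pathname + win.location.search + win.location.hash;
    await client.loginWithRedirect({ appState: { returnTo: here } });
  }
  return client;
}
```

In a browser app this would be called once at startup, for example `restoreSession(auth0SpaJs, window, domain, clientId)` with the SDK module imported as `auth0SpaJs`.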