Auth0 user session persistence under classic experience

gloria · July 26, 2021, 4:33pm

Background: Vue3 Single Page Application
Issue: Auth0 classic experience (Classic Universal Login Experience), after user logged in, then refresh the page, the user is required to log in again (the session is not persisted)
Question: In auth0, how to persist the login session when using Classic Experience?
Definition and more info: New Universal Login Experience
Under title “How it is different from Classic Universal Login”, it says:

Single Sign-on (SSO) and Silent Authentication will work properly, which does not happen in the Classic Experience.

marcus.baker · July 27, 2021, 1:00am

Hi!

That bullet point in the docs you pasted is for using social connections with auth0 Development Keys, which is not recommended or supported in a production environment.

The Auth0 session in the browser is handled by the auth0 cookie for both Classic Lock and New Universal Login.

Newer browser restrictions can make it harder for a SPA to perform silent authentication.

One way around this is to use a Custom Domain.
You can also utilize Refresh Tokens as another avenue for SPAs.

Auth0 Authentication API Cookies:

Auth0 Custom Domains:

Securing SPA apps with Refresh Token Rotation:

Hope this helps!

konrad.sopala · July 27, 2021, 9:33am

Thanks for helping on this one Marcus!