Auth0 user session persistence under classic experience

  • Background: Vue3 Single Page Application
  • Issue: Auth0 classic experience (Classic Universal Login Experience), after user logged in, then refresh the page, the user is required to log in again (the session is not persisted)
  • Question: In auth0, how to persist the login session when using Classic Experience?
  • Definition and more info: New Universal Login Experience
  • Under title “How it is different from Classic Universal Login”, it says:

Single Sign-on (SSO) and Silent Authentication will work properly, which does not happen in the Classic Experience.

Hi!

That bullet point in the docs you pasted is for using social connections with auth0 Development Keys, which is not recommended or supported in a production environment.

The Auth0 session in the browser is handled by the auth0 cookie for both Classic Lock and New Universal Login.

Newer browser restrictions can make it harder for a SPA to perform silent authentication.

One way around this is to use a Custom Domain.
You can also utilize Refresh Tokens as another avenue for SPAs.

Auth0 Authentication API Cookies:

Auth0 Custom Domains:

Securing SPA apps with Refresh Token Rotation:

Hope this helps!

2 Likes

Thanks for helping on this one Marcus!