Hi!
That bullet point in the docs you pasted is for using social connections with auth0 Development Keys, which is not recommended or supported in a production environment.
The Auth0 session in the browser is handled by the auth0 cookie for both Classic Lock and New Universal Login.
Newer browser restrictions can make it harder for a SPA to perform silent authentication.
One way around this is to use a Custom Domain.
You can also utilize Refresh Tokens as another avenue for SPAs.
Auth0 Authentication API Cookies:
Auth0 Custom Domains:
Securing SPA apps with Refresh Token Rotation:
Hope this helps!