Authenticated browser session and new tabs in incognito mode

When logged into our app in Incognito / Private mode or using privacy addons such as Privacy Badger, new tabs opened with composed URL’s in the same browser session goes through part of the authentication process e.g. authorize and code and kicks the user to the landing page.

The session is clearly active and valid as the user doesn’t have to login again.

Is there some setting or workaround in code to prevent the re-authentication / refresh process or redirect the user to the URL path once this process is complete?


  1. Logged into app in Incognito window
  2. Open a tab to
  3. Authorizes and redirects user to instead


Hi @joseph4,

Would you mind providing details on which Auth0 SDK you are using (e.g. auth0-react)?

It sounds like the tokens might be stored in app memory, which is the default and recommended approach (Token Storage).

The in-memory method for browser storage does not provide persistence across page refreshes and browser tabs.


Yes we’re using auth0-react. I suppose then going with local storage would be a viable solution as per the provided link?


Yes, if you add cacheLocation="localstorage" to the Auth0Provider component, the session should persist in different tabs. Also note the security considerations with using local storage in the docs.

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.