Authenticated browser session and new tabs in incognito mode

joseph4 · June 15, 2021, 3:54pm

When logged into our app in Incognito / Private mode or using privacy addons such as Privacy Badger, new tabs opened with composed URL’s in the same browser session goes through part of the authentication process e.g. authorize and code and kicks the user to the landing page.

The session is clearly active and valid as the user doesn’t have to login again.

Is there some setting or workaround in code to prevent the re-authentication / refresh process or redirect the user to the URL path once this process is complete?

Example:

Logged into app in Incognito window
Open a tab to https://myapp.com/path?query=value
Authorizes and redirects user to https://myapp.com instead

Thanks.

stephanie.chamblee · June 15, 2021, 4:14pm

Hi @joseph4,

Would you mind providing details on which Auth0 SDK you are using (e.g. auth0-react)?

It sounds like the tokens might be stored in app memory, which is the default and recommended approach (Token Storage).

The in-memory method for browser storage does not provide persistence across page refreshes and browser tabs.

joseph4 · June 15, 2021, 5:57pm

Hi,

Yes we’re using auth0-react. I suppose then going with local storage would be a viable solution as per the provided link?

Thanks.

stephanie.chamblee · June 15, 2021, 6:00pm

Yes, if you add cacheLocation="localstorage" to the Auth0Provider component, the session should persist in different tabs. Also note the security considerations with using local storage in the docs.

system · June 30, 2021, 6:00pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.