Authenticated browser session and new tabs in incognito mode

When logged into our app in Incognito / Private mode or using privacy addons such as Privacy Badger, new tabs opened with composed URL’s in the same browser session goes through part of the authentication process e.g. authorize and code and kicks the user to the landing page.

The session is clearly active and valid as the user doesn’t have to login again.

Is there some setting or workaround in code to prevent the re-authentication / refresh process or redirect the user to the URL path once this process is complete?

Example:

1. Logged into app in Incognito window
2. Open a tab to https://myapp.com/path?query=value
3. Authorizes and redirects user to https://myapp.com instead

Thanks.

Hi @joseph4,

Would you mind providing details on which Auth0 SDK you are using (e.g. auth0-react)?

It sounds like the tokens might be stored in app memory, which is the default and recommended approach (Token Storage).

The in-memory method for browser storage does not provide persistence across page refreshes and browser tabs.

Hi,

Yes we’re using auth0-react. I suppose then going with local storage would be a viable solution as per the provided link?

Thanks.

Yes, if you add cacheLocation="localstorage" to the Auth0Provider component, the session should persist in different tabs. Also note the security considerations with using local storage in the docs.