Checking auth0.is.authenticated cookie vs storing session cookies

Hello community!

After authentication, Auth0 stores a cookie called auth0.is.authenticated.

I’d like to check the status of this cookie before invoking a call to authenticate the user again.

Essentially, piggy back Auth0’s cookie as a defacto session cookie.

The pseudo I’m thinking of is something like: -If auth0.is.authenticated → no call to the login sdk

Is this a robust enough solution to what amounts to a transient user session?

Thanks!

Hello @dmorin!

It’d likely be safest to rely on the Auth0 SDK you are using to check if a user is authenticated. For example, in the React SDK this would look like:

import React from "react";
import { useAuth0 } from "@auth0/auth0-react";

const Profile = () => {
  const { user, isAuthenticated, isLoading } = useAuth0();

  if (isLoading) {
    return <div>Loading ...</div>;
  }

  return (
    isAuthenticated && (
      <div>
        <img src={user.picture} alt={user.name} />
        <h2>{user.name}</h2>
        <p>{user.email}</p>
      </div>
    )
  );
};

export default Profile;

As discussed in this Github issue, auth0.is.authenticated is used to determine if a request to Auth0 for silent authentication should take place. Depending on timing, in cases where silent authentication would fail (i.e. an expired session), it’s possible that auth0.is.authenticated would be true when in fact the user should log in. If you were to use an Auth0 SDK instead, then it will handle the authentication check for you.

Hi @stephanie.chamblee ,

I’ve been elbow deep in some other stuff.

Thanks for the refresher. I was able to achieve the result I wanted with your help.

1 Like

Glad you were able to implement a solution!