Expired Log In Transaction Behavior

eih · November 30, 2023, 7:00pm

Background:

I’m prepping my classic universal login page for the upcoming 1-hour expiration. Because we’re not on the new universal login, users will get redirected to our generic error page (not any default or client specific initiate_login_url) when the log in transaction has expired. The expiration right now is 3 days but more like 2-3 hours in my experience. I am adding some javascript to the login.html page to set a pre-login session expiration that once triggered will warn users and provide a link to restart the login flow. This seems like a better ux for users.

My question: Because we have multiple apps/clients (web/native) with their own initiate_login_url, would it be enough to just call window.location.reload() vs create branching logic to figure out the client_id and redirect to a url that will start the log in flow again? More specifically is Auth0 smart enough to handle this page reload and redirect the client caller with a new auth transaction state that preserves any other data that was passed to it? This seems like the right and easiest approach, if Auth0 can handle that.

I assume this works because I can start a login flow, let it sit for an extended amount of time, and when I reset it, the auth flow begins again and I get new values in my url query parameters, at least the state one.

pratyush.pandey · January 4, 2024, 7:03pm

Yes, calling window.location.reload() should be sufficient in your case to restart the login flow. When the page reloads, Auth0 will handle the authentication process again and generate a new authentication transaction state.

Auth0 is designed to handle these scenarios seamlessly. When the page is reloaded, Auth0 will recognize that the authentication transaction has expired and initiate a new login flow. The new login flow will generate new values for the URL query parameters, including the state parameter.

By using window.location.reload(), you ensure that the user is redirected back to the appropriate initiate_login_url for their specific app/client. This eliminates the need for branching logic to determine the client_id and redirect accordingly.

Overall, this approach should work well and provide a better user experience by warning users and giving them the option to restart the login flow when the session has expired.

system · January 18, 2024, 7:03pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Auth0 login callback errors on Classic Universal Login page when browser sits overnight Help classic-universal-login-experience , login-experience	4	1340	November 16, 2023
Does the auth0 login pages expire? Help login-experience , new-universal-login-experience	2	361	February 29, 2024
How to Test changes to Maximum Expiration Time for Login Transactions Deprecation Knowledge Articles	1	974	October 3, 2023
Auth0 cookie expirey while on universal login page Help auth0	10	3977	April 21, 2020
About the 'Reducing Maximum Expiration Time for Login Transactions.' Email Knowledge Articles	1	1231	October 3, 2023

Expired Log In Transaction Behavior

Related topics