When you force a user to log in via passing prompt=login as a query parameter when making the login request, what happens at the Auth0 authorization server session-level?
For example: say you have two different applications leveraging the same Auth0 authentication domain AND the same user can potentially have a different email address in each… if a user authenticates in both, with different emails, does that create two sessions? Or does the first one get revoked?
Hi @michael23
I am sorry about the delayed response.
"if a user authenticates in both, with different emails, does that create two sessions?"
Yes, the user will have two sessions with each identity.
Basically, if a user is authenticated in two different applications under the same Auth0 tenant, then by forcing one of the identities to log in again in either one of the applications, the session should be invalidated for that specific identity and for the applications associated with it.
By terminating the session of a single identity of a user, it would not terminate the sessions active for their other identities.
I would recommend reading our documentation regarding session layers.
If you have any other questions, let me know!
Kind Regards,
Nik