Hello,
Generally speaking in web-apps, front-end maintains a session ID in the cookie so as long as those cookie is sent to the back-end and is a valid session ID, user don’t have to login again. This means that if a user deletes all their cookies, then user is required to re-authenticate.
However, in Auth0, this doesn’t seem to be true since I’m not require to re-login even after all cookies are purged. Sessions are alive unless I explicitly call logout API.
How does Auth0 manage sessions in the back-end? (Is it some kind of IP/Mac address mapping with browser ID?)
Thanks in advance.