How to distinguish between actual login and authentication

anna.jacobsen · April 10, 2026, 8:33am

We have a case where we set a registration flag to true if the login_count is 1. However, we have found that even if a user dont add their credentials to perform an actual login, e.g. their session is already stored as a cookie in the browser, and then they press our login button so we authenticate them again without making them write credentials, the login count is still 1 and then we registrate them again. Is there some way of distinguishing between the actual login sequence, and just authenticating them when they are sort of already logged in in auth0?

I saw someone writing that you could use event.transaction.protocol and event.request.query.prompt, but when i console log this in both cases (actual login and just authentication) both of the values above are the same. It seems like the event in the authentication is just the actual login event (when the count increased), as i verified by checking timestamps etc.

How can i find out in an action trigger that an event is the type of event that doesnt increase the login count, so i can seperate between the actual registration and the authentication that follows.

remus.ivan · April 10, 2026, 6:25pm

Hi @anna.jacobsen,

Welcome to the Auth0 Community!

You have correctly identified that querying the event.transaction.protocol and event.request.query.prompt events does not provide the desirable outcome in this scenario, as the values can be both the same.

The recommended solution for this use case would be to utilize the session information context within a Post-Login Action by comparing the session authenticated timestamp - event.session.authenticated_at to the session update timestamp - event.session.updated_at. Please note that the session context is only available to enterprise subscriptions.

This article - Differentiate User Logins From Session Reuse (SSO) in Post-Login Actions provides more information on the matter, including action code snippets, as well as a workaround for non-enterprise customers.

I hope this helps, and if you have further inquires on the matter please let me know.
Best regards,
Remus

Topic		Replies	Views
How to judge sign-up or login at Post-Login Action? Get Help login-experience , new-universal-login-experience	1	1829	August 13, 2025
Auth0 Actions: Find the Login count for SSO users Get Help sessions , authentication-sessions	2	1432	October 29, 2023
In post-login action, how to distinguish initial session login from reuse of existing session? Get Help sessions , authentication-sessions	4	248	April 25, 2025
Due to cookies, stats.loginsCount does not reflect expected behavior Get Help	1	3212	November 4, 2019
Auth0 post-login Action firing unexpectedly Get Help extensibility , actions-extensibility	5	2428	January 8, 2024

How to distinguish between actual login and authentication

Related topics