How to persist login with auth0-react after page refresh without localStorage?

  • Which SDK this is regarding:

  • SDK Version:

  • Platform Version:
    Node.js v14.17.1

  • Code Snippets/Error Messages/Supporting Details/Screenshots:
    Using the standard Auth0Provider but login gets lost on page refresh when cacheLoction is memory. I don’t want to use localStorage because it’s not a safe option.
    With localStorage it works fine, but want to use a safer option here.

Any idea how I can achieve this?
I’m still in the development stage and I’m currently using localhost.

Ahh looks like it was a third party cookie issue.
I set the Auth0 cookies to allowed and it seems to work fine now!

1 Like

Perfect! Glad you have figured it out!

Hi there!

Sorry, I was following this thread and hoping to get more insight on how this works but unfortunately I’m even more confused now.

I basically have the same problem as @ronifintech. I have an SPA with no additional backend server and want to keep my users logged in. I’m still not sure how this would ever be possible with storing at least something either in local storage, session storage or cookies. Since you suggest that local storage is not an option, I was following the (multiple) guides throughout the Auth0 platform and other forums.

So what do I have so far:

  1. Refresh Token Rotation seems to be the weapon of choice. I’ve set this up in my Auth0 account and implemented the Auth0 SDK in my project.
      domain={ `${REACT_APP_AUTH0_DOMAIN}` }
      clientId={ `${REACT_APP_AUTH0_CLIENT_ID}` }
      redirectUri={ window.location.origin }
      useRefreshTokens={ true }
      <App />

I redirect my user to the Auth0 login page for signing up or logging in. Then the login page redirects back to my SPA - so far so good. On a refresh of the page the login is lost unless I set cacheLocation to localStorage which puts basically all my tokens and IDs into the local storage (access key, client ID, …).

  1. I now read further and found that I have to do a silent authentication? Is that right? Is that additional to the token rotation or is that a different thing?

Sorry about my probably really stupid questions but I’m super stuck and I wanna try to figure this out. Could you give me an example of what you did or of what I have to do?


Correct. i do silent authentication, but also you need to allow auth0 cookies in your browser.
This is how to allow auth0 cookies manually (trying to figure out how to do it automatically…)

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.