Interacting with Stateful Sessions and Cookies

I’m beginning to familiarize myself with the Auth0 documentation, and I have a couple questions about interacting with stateful sessions and cookies. To be clear, I’m designing a new system, and I’d like to incorporate stateful session data. One such capability I’d like to do is revoke a malicious user’s session at will, i.e. by deleting a database record.

I noticed that there is an Auth0 Session Layer that is said to maintain a session on the Authorization Server. However, the Auth0 Management API doesn’t refer to any endpoints that would let me interact with this session data. Is there a way to do so?

Reading further, I noticed a suggestion in the Cookies documentation, that describes that it “requires a database to store the session data (but most web applications already have this).” Does this mean I cannot interact with the session data referred to above?

It’s acceptable that I store such session data in another place (e.g. a Redis cache) but I’d like to explore what options I have before making a decision.

What does the Auth0 team and/or community recommend doing for adding stateful session management into their system architectures?

Thanks for your help!
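
The revoke-by-deleting-a-record design asked about in the question above, as an added example (not code from the original post, from Auth0, or from its SDKs). It assumes the application keeps its own session table: the `SessionStore` class and its method names are hypothetical, and a dict stands in for the database or Redis cache. It does not touch the Auth0 session layer.

```python
import hashlib
import secrets
import time


class SessionStore:
    """Application-side session table; a dict stands in for the database or Redis."""

    def __init__(self, ttl_seconds=3600, clock=time.time):
        self._records = {}      # sha256(session id) -> session record
        self._ttl = ttl_seconds
        self._clock = clock     # injectable so expiry can be tested

    @staticmethod
    def _key(session_id):
        # Store only a hash, so a leaked table does not yield usable cookie values.
        return hashlib.sha256(session_id.encode()).hexdigest()

    def create(self, user_id):
        """Create a session record and return the opaque value to set in the cookie."""
        session_id = secrets.token_urlsafe(32)
        self._records[self._key(session_id)] = {
            "user_id": user_id,
            "expires_at": self._clock() + self._ttl,
        }
        return session_id

    def validate(self, session_id):
        """Return the user id for a live session, or None if revoked, unknown or expired."""
        key = self._key(session_id)
        record = self._records.get(key)
        if record is None:
            return None
        if record["expires_at"] <= self._clock():
            del self._records[key]  # expired: remove the stale record
            return None
        return record["user_id"]

    def revoke(self, session_id):
        """Delete one session record; returns True if a record was deleted."""
        return self._records.pop(self._key(session_id), None) is not None

    def revoke_user(self, user_id):
        """Delete every session held by one user; returns how many were deleted."""
        doomed = [k for k, r in self._records.items() if r["user_id"] == user_id]
        for k in doomed:
            del self._records[k]
        return len(doomed)
```

Because every request goes through `validate`, a deleted record takes effect on the very next request, which is what a self-contained (stateless) cookie cannot offer.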

Hi @amckinney,

Welcome to the Community!

I can speak to the session management via API. This is something I have seen floating around, and something we are trying to gather feedback on. Could you please describe your use-case in detail to our product team through our feedback page? We use this info to roll out features like this one.

That’s great! Happy to hear that this is something you’re thinking about.

I sent in a feedback message with some more details about what I’m looking for. Should I expect a response there?

Please let me know! I appreciate the help!

The team will reach out to you if they have any other questions.