I’m writing a React web app and I’m creating a new auth0Client in my useEffect on every mount. I’m having users log in with loginWithPopup. Then I’m checking isAuthenticated and getUser, both of which work fine, until I refresh the page. Then, isAuthenticated returns false.
Am I misunderstanding something about how Auth0 handles sessions? What is the recommended way to maintain state (specifically the user being authenticated) between refreshes?
Hi @roamingstars,
Welcome back to the Auth0 Community!
The reason the user is being logged out after a page refresh when using the React SDK might be the lack of implementing the onRedirectCallback function found on the Auth0 Provider, which removes the state and code parameters from the URL after being redirected from the authorize page so that the Callback URL is stil valid.
This is a code snippet of implementing it:
const onRedirectCallback = (appState) => {
history.push(
appState && appState.returnTo ? appState.returnTo : window.location.pathname
);
};
referenced in the State and Code Parameters Stuck in URL react-auth0 - User Getting Logged Out on Page Refresh article.
I hope this helps!
Best regards,
Remus
Forgive me for my confusion, but why do I need to handle a redirect if I’m using loginWithPopup?
I figured out the issue. I tried switching browsers from Brave to Chrome, and isAuthenticated started returning true even after page refreshes. Then I returned to Brave and disabled Brave Shields, and suddenly everything started working.
It seems the issue was with Brave’s security settings. There was no issue on Auth0’s part.
Hi @roamingstars,
Thanks for providing your solution.
Indeed browsers that block 3rd party cookies can cause this type of issue since silent authentication can not take place anymore. I’m leaving this documentation here as well, that talks about Authentication Lost after Refreshing an SPA since it might help others as well.
Thanks,
Remus