I need some clarifications on the login flow.
When I refresh my SPA I don’t see the login screen again, but after checking the logs I see a Successful login log.
I would expect not to see this log since the session was still available and I didn’t have to enter my credentials again.
Is there something wrong here? Is the login always required on refresh? I’m aware of some browsers blocking cookies; this flow was tested in a non-blocking setup.
I believe that the Successful Login log event that you are seeing is a result of the silent authentication event, where the application uses the existing session to get the tokens without any user interaction.
In general, there are two aspects at play here:
The session created by Auth0: this is created the first time a user logs in and is stored in a cookie;
The session and tokens created by your SPA: when the page is refreshed, the in-memory storage is essentially wiped and the session is "forgotten".
After a page refresh, the Auth0 SDK checks for a session and if it does not find an active one, it then checks for active Access and Refresh tokens. Once these are found, access is restored seamlessly, but leaves behind the successful login log that you are seeing.
I recommend checking out the following documentation for additional information regarding sessions and silent authentication: