Overview
When using Safari, the user is logged out immediately after a page refresh. Logging in again requires re-entering credentials, meaning the session is lost. In Chrome, however, the session persists. This article details why this happens and what can be done about it.
Applies To
- Browsers
- User Session
Cause
This can happen when the app is on a domain different from the Auth0 tenant's canonical domain. Upon a refresh, silent authentication fails because third-party cookies are blocked; to our understanding, Safari and Firefox block third-party cookies by default.
Solution
The workaround is to set up a custom domain that matches the app's top-level domain. When the top-level domains match, the cookies are treated as first-party and are therefore not blocked.
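The check below is an added example, not code from Auth0 or from the original article. It compares the registrable domain of the app with that of the authentication domain to show whether the session cookie is in a third-party context during silent authentication. The host names and the short public-suffix set are constructed; a real check should use the full Public Suffix List.

```javascript
// Constructed subset of the Public Suffix List (assumption for this example).
const MULTI_LABEL_SUFFIXES = new Set(["co.uk", "com.au", "co.jp"]);

// Registrable domain ("site"): the public suffix plus one more label.
function registrableDomain(hostname) {
  const labels = hostname.toLowerCase().replace(/\.$/, "").split(".");
  if (labels.length < 2) return labels.join(".");
  const lastTwo = labels.slice(-2).join(".");
  const take = MULTI_LABEL_SUFFIXES.has(lastTwo) ? 3 : 2;
  return labels.slice(-take).join(".");
}

// Accept either a full URL or a bare host name.
function toHostname(value) {
  return new URL(value.includes("://") ? value : `https://${value}`).hostname;
}

// Classifies the auth domain's session cookie as seen from a page on appOrigin.
// Silent authentication depends on that cookie, so a third-party context
// means it fails in browsers that block third-party cookies.
function classifySessionCookie(appOrigin, authDomain) {
  const appSite = registrableDomain(toHostname(appOrigin));
  const authSite = registrableDomain(toHostname(authDomain));
  const firstParty = appSite === authSite;
  return {
    appSite,
    authSite,
    cookieContext: firstParty ? "first-party" : "third-party",
    silentAuthAtRisk: !firstParty,
  };
}

// Constructed host names: canonical tenant domain vs. a custom domain.
console.log(classifySessionCookie("https://app.example.com", "example-tenant.us.auth0.com"));
console.log(classifySessionCookie("https://app.example.com", "login.example.com"));
```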