What are the parameters when a user is logged in and is able to stay logged in? Does this rely on the browser and if cookies are enabled or is this dependent on other browsers like Edge, Firefox, and Chrome?
Session management can be complex and depends on various factors.
It is important to understand that there are three session layers: the actual application session, the Auth0 server-side session, and the possible IdP layer session (for example, Google social or enterprise connections).
In the Session management document, there is a video about session logout that will clarify these concepts.
If you’re using refresh tokens, they are used to generate new access tokens. Take a moment to review this process and examine the available configurations. Refresh token settings are configured at the application level in the dashboard, and this should be reviewed based on the specific application.