Auth0 Home Blog Docs

Why does checkSession need cookies?



Why does auth0.checkSession() function need cookies to be enabled? Is there a way we can pass all the required parameters without cookies? This is a show stopper for some browsers, as third-party-cookies are disabled by default.


When a user authenticates, a cookie is stored with the session details. This enables [checkSession] ( to acquire a new token from Auth0 for a user who is already authenticated against Auth0 for your domain.

For the [silent authentication] ( to be possible, you must [Have a SSO cookie for the tenant’s domain (in other words, the user has previously signed in and their saved cookie is still valid);] ( There have been internal discussions around this topic, but at the moment cookies need to be enabled for checkSession to work.

You see a video about how Auth0 handles sessions and cookies here: