Why does session expire after page refresh?

I may be doing something incorrectly here, and so I am looking for some help.

We have a React application that is using auth0-js to call .authorize() to redirect the user to the Auth0 login page and obtain a token. We then use that token to make requests to the backend. This currently is working… as long as you don’t refresh the page.

However, if I refresh that page and call .authorize() again, it does not seem to keep the old session and takes the user to the login prompt again.

I have tried passing `{"prompt": "none"}`, however all this does is return a “login_required” error, which I have read means that it could not find the session.

I am wondering if I should be using checkSession() instead?

I will note, we are currently using the Auth0 Google Social Connection with default dev keys (just for testing the service). I am wondering if that has anything to do with the session expiring each time?

But, I am also wondering if I have the application set up correctly.

We are using a “Machine-to-Machine” application because I am able to use that with an Auth0 API, which I can set as the audience so that I get back a JWT access token. This is a bit confusing to me, because I would think that it makes more sense to describe our use-case as a “Single Page Application”, however in that scenario I can only get opaque tokens. I think that I am misunderstanding something here. And I’m not sure if it’s even related to the inability to keep a session, but I am mentioning it here since it may be relevant.

I would appreciate any help that you can provide with this.


I am having the same issue but I am working with VueJS.
I have tried to prevent the redirection to the login page on refresh by checking the “isAuthenticated” method.
Initially this:
isAuthenticated () {
  return (
    Date.now() < this.tokenExpiry &&
    localStorage.getItem(localStorageKey) === 'true'
  )
}

Changed to this:
isAuthenticated () {
  return (
    // expires_at is read back from localStorage, so it survives a refresh
    Date.now() < Number(localStorage.getItem('expires_at')) &&
    localStorage.getItem(localStorageKey) === 'true'
  )
}

Though this has prevented returning to the login screen, the values in the $auth variables are lost.
I am following this thread for more updates.

@bala2: After posting this, I tried with the pre-made React application that is provided (with pre-filled credentials for your application).

I was having the same problem. After some more searching, I noticed that the documentation says that using the social connection with the default dev keys is the cause.

I have not yet tried any other way, but I think that solves it for me anyway.

Still, I am keeping this question posted as I am seeking clarification about single-page-applications vs. machine-to-machine.

Thanks for the suggestion @jeff.peck
I have tried with the social connection (Google in my case) by enabling the dev keys and taking their clientID and secret from Google Cloud.
Still the refresh is not working.

Hope to get some clarity on this one officially.

I have added user parameters in localStorage. This helps me retain the logged-in session even after a page refresh.
I have heard that this may not be the safest option, but it works for my app.
Hope a word comes officially to give more clarity.

Hi,

Is Seamless SSO enabled in your tenant? Seamless SSO uses cookies to maintain a single sign-on session. The cookies will survive a page refresh and subsequent authentication requests should be silent.

Note that, if you don’t see the option, you have a newer tenant for which Seamless SSO will be enabled by default.

Glen is correct! All new tenants as of a year ago have SSO enabled by default.
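An added example, not part of any post in this thread and not Auth0's own code: one way to restore the login state on page load with the checkSession() call asked about in the question, keeping tokens in memory and falling back to .authorize() only when the silent request reports login_required. The names `restoreSession` and `bootstrap` are hypothetical, `webAuth` is assumed to be an auth0-js WebAuth instance, and the error code is assumed to arrive in `err.error`.

```javascript
// Added example (hypothetical helper names). Assumes `webAuth` is an auth0-js
// WebAuth instance exposing checkSession(options, cb) and authorize(options).

// Wrap the callback-style checkSession() in a Promise.
function checkSessionAsync(webAuth, options) {
  return new Promise((resolve, reject) => {
    webAuth.checkSession(options, (err, authResult) =>
      err ? reject(err) : resolve(authResult));
  });
}

// OAuth error codes meaning the tenant has no usable SSO session for a
// silent (prompt=none) request, so the user has to interact.
const INTERACTION_REQUIRED = new Set([
  'login_required', 'consent_required', 'interaction_required',
]);

// Call once on startup. The token is returned to the caller and kept in
// memory; nothing is written to localStorage.
async function restoreSession(webAuth, options, now = Date.now()) {
  try {
    const result = await checkSessionAsync(webAuth, options);
    if (!result || !result.accessToken) {
      return { authenticated: false, reason: 'no_token' };
    }
    return {
      authenticated: true,
      accessToken: result.accessToken,
      expiresAt: now + result.expiresIn * 1000, // expiresIn is in seconds
    };
  } catch (err) {
    if (err && INTERACTION_REQUIRED.has(err.error)) {
      return { authenticated: false, reason: err.error };
    }
    throw err; // network or configuration problem: surface it, do not redirect
  }
}

// Page-load entry point: silent first, interactive login only as a fallback.
async function bootstrap(webAuth, options) {
  const session = await restoreSession(webAuth, options);
  if (!session.authenticated) {
    webAuth.authorize(options); // full redirect to the hosted login page
  }
  return session;
}
```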
