# Native to Web SSO and Sessions

> Learn about Native to Web SSO and Sessions

<Warning>
  Native to Web SSO is currently available in Early Access. To use this feature, you must have an Enterprise plan. By using this feature, you agree to the applicable Free Trial terms in Okta’s [Master Subscription Agreement](https://www.okta.com/legal/). To learn more about Auth0's product release cycle, review Product Release Stages.
</Warning>

When a WebView or browser initiates a call to the `/authorize` endpoint, Auth0 determines if there is an active session, and then either reuses the existing session or honors the provided `session_transfer_token`. To avoid session injection risks, Auth0 uses a safe and predefined evaluation to determine if the `session_transfer_token` is valid. To learn more, read [Configure and Implement Native to Web SSO](/docs/ja-jp/authenticate/single-sign-on/native-to-web/configure-implement-native-to-web).

<Callout icon="file-lines" color="#0EA5E9" iconType="regular">
  Native to Web SSO does not change standard Auth0 [Single Sign-On](/docs/ja-jp/authenticate/single-sign-on) authentication.
</Callout>

**Specific Native to Web <Tooltip data-tooltip-id="react-containers-DefinitionTooltip-0" href="/docs/ja-jp/glossary?term=single-sign-on" tip="Single sign-on (SSO): A service that, after a user logs in to one application, automatically logs that user in to other applications." cta="View Glossary">SSO</Tooltip> flows can result in the following behaviors:**

1. The user is logged in when a valid `session_transfer_token` is sent and there is no pre-existing Auth0 session.
2. The user is logged in when a valid `session_transfer_token` is sent and a pre-existing Auth0 session is found for the same user.
3. The user is prompted to log in when a pre-existing Auth0 session is found and the `session_transfer_token` belongs to a different user. Additionally, the pre-existing Auth0 session is revoked.
4. The user is prompted to log in when a pre-existing Auth0 session is found and the `session_transfer_token` is invalid.

## Sessions and refresh token revocation

A [`session_transfer_token`](/docs/ja-jp/authenticate/single-sign-on/native-to-web/configure-implement-native-to-web#create-and-manage-session-transfer-tokens) is used to initiate a session in a WebView or browser so that the user is securely authenticated without being prompted to log in. These web sessions may also issue their own <Tooltip data-tooltip-id="react-containers-DefinitionTooltip-1" href="/docs/ja-jp/glossary?term=refresh-token" tip="Refresh token: A token used to obtain a renewed access token without forcing the user to log in again." cta="View Glossary">refresh tokens</Tooltip>.

Native to Web SSO applies a set of revocation rules to ensure consistent and secure behavior when sessions and refresh tokens are revoked:

* Revoking a refresh token also revokes its associated refresh tokens and sessions if `enforce_cascade_revocation` is enabled in the native application.
* Revoking a web session also revokes its associated refresh tokens if `enforce_online_refresh_tokens` is enabled in the web application.
* Nested Native to Web SSO is not allowed. A web session created using a `session_transfer_token` cannot generate another `session_transfer_token`.
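
The three rules above, modeled as an added example that is not Auth0 code, to show what ends up revoked under each setting. The `SsoModel` class, its methods and the ids are hypothetical, and reading "associated" as "derived from" is an assumption.

```python
from dataclasses import dataclass, field

@dataclass
class SsoModel:
    enforce_cascade_revocation: bool = True     # native application setting
    enforce_online_refresh_tokens: bool = True  # web application setting
    kind: dict = field(default_factory=dict)    # id -> "refresh_token" | "session"
    parent: dict = field(default_factory=dict)  # id -> id it was derived from
    revoked: set = field(default_factory=set)

    def _add(self, new_id, kind, parent=None):
        self.kind[new_id], self.parent[new_id] = kind, parent
        return new_id

    def native_refresh_token(self, rt_id):
        return self._add(rt_id, "refresh_token")

    def web_session_from_transfer(self, rt_id, session_id):
        # Assumption: a refresh token issued by a transfer-created web session
        # is what would attempt the nested exchange, so it is refused here.
        if self.parent[rt_id] is not None:
            raise PermissionError("nested Native to Web SSO is not allowed")
        return self._add(session_id, "session", parent=rt_id)

    def web_refresh_token(self, session_id, rt_id):
        return self._add(rt_id, "refresh_token", parent=session_id)

    def _descendants(self, node):
        out = set()
        for child, par in self.parent.items():
            if par == node:
                out |= {child} | self._descendants(child)
        return out

    def revoke(self, node):
        self.revoked.add(node)
        # Refresh tokens follow the native app flag, sessions the web app flag.
        flag = (self.enforce_cascade_revocation if self.kind[node] == "refresh_token"
                else self.enforce_online_refresh_tokens)
        if flag:
            self.revoked |= self._descendants(node)
        return self.revoked

def revoked_after(revoke_id, cascade=True, online=True):
    """Constructed chain rt_native -> web_session -> rt_web; revoke one node."""
    m = SsoModel(cascade, online)
    m.native_refresh_token("rt_native")
    m.web_session_from_transfer("rt_native", "web_session")
    m.web_refresh_token("web_session", "rt_web")
    return m.revoke(revoke_id)
```

With either flag disabled, the corresponding revocation stops at the revoked item itself, which is the case to check when auditing logout and token-revocation handling.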
