Use Cases: Configure Keep Me Signed In using Sessions

Before you start

Ensure you have:

The Keep Me Signed In experience provides users the option to stay logged-in on a trusted device.

  • If the Keep Me Signed In checkbox is selected, it sets a persistent session which survives browser restarts.

  • If the Keep Me Signed In checkbox is not selected, it sets a non-persistent session which expires when the browser closes.

Using non-persistent (ephemeral) sessions with Actions, the server securely handles this logic without exposing refresh tokens to the frontend.

Using Custom Prompts, Auth0 CLI, and ephemeral sessions via Actions, you can implement a secure and modern "Keep Me Signed In" flow with no refresh tokens, no client-side session hacks, and full backend control.

This solution is ideal for customers prioritizing:

  • Zero-trust browser session handling

  • Minimal session persistence

  • Trusted device overrides

Configure a Universal Login page and Add a custom prompt

To gather the user’s Keep Me Signed In preference, you need to customize Universal Login by configuring a page template and adding a custom prompt using Auth0 CLI.

Optional: Enable the Universal Login page template

Use the following command to create or update the page template:

auth0 universal-login templates update

Was this helpful?

/

The customization editor opens the login page template. You can use any HTML structure that fits your brand.

Here is a minimal example template with a background and wrapped widget:

<!DOCTYPE html>
<html lang="{{locale}}">
  <head>
    {%- auth0:head -%}
    <style>
      body {
        background-image: url("https://images.unsplash.com/photo-1643916861364-02e63ce3e52f");
        background-size: cover;
        background-position: center;
      }
      .prompt-wrapper {
        display: flex;
        align-items: center;
        justify-content: center;
        height: 100%;
        background-color: rgba(0, 0, 0, 0.3);
      }
    </style>
    <title>{{ prompt.screen.texts.pageTitle }}</title>
  </head>
  <body class="_widget-auto-layout">
    {% if prompt.name == "login" or prompt.name == "signup" %}
      <div class="prompt-wrapper">
        {%- auth0:widget -%}
      </div>
    {% else %}
      {%- auth0:widget -%}
    {% endif %}
  </body>
</html>

Was this helpful?

/

Save and close the editor, the Auth0 CLI prompts you to confirm:

Do you want to save the template? Yes

▸ Successfully updated the template for the New Universal Login Experience!

Was this helpful?

/

Add a Keep Me Signed In checkbox using Auth0 CLI

To add a checkbox into the Universal Login screen, follow these steps:

Launch the customization editor

Open the customization editor for the login-id or login prompt  depending on your tenant configuration:

auth0 universal-login customize -p login-id

Was this helpful?

/

Select Standard for rendering mode.

Rendering Mode: standard

Was this helpful?

/

The customization editor launches at a local address:

http://localhost:52649

Was this helpful?

/

Configure the checkbox

Open the Partials option in the customization editor:

  • Set Prompt to: login-id (or login)

  • Set Screen to: login-id (or login)

  • Set Partial to: form-footer-end

Add the following HTML snippet:

<div class="ulp-field">
  <input type="checkbox" name="ulp-remember-me" id="remember-me">
  <label for="remember-me">Stay signed in on this device?</label>
</div>

Was this helpful?

/

This renders the checkbox underneath the login form.

Deploy your changes

Select Deploy Changes in the top-right corner to save and apply the customization.

Checkpoint

The login screen includes a Keep Me Signed In checkbox.

Create a Post-Login Action using Auth0 CLI

Create a new file called set-session-persistence.js for use with Auth0 CLI and add the following code:

exports.onExecutePostLogin = async (event, api) => {

  // Apply the change only when the parameter is available
  if (event.request.body['ulp-remember-me']) {
    api.session.setCookieMode('persistent');
  } 
};

Was this helpful?

/

Use Auth0 CLI to create or update your post-login Action using the set-session-persistence.js file:

auth0 actions create --name kmsi --trigger post-login --code "$(cat set-session-persistence.js)"

Was this helpful?

/

Auth0 CLI returns the Action Id:

ID             f54c4aae-431f-4290-a7e0-cfc6a3f28386
NAME           kmsi
TYPE           post-login
STATUS         pending
DEPLOYED       ✗
LAST DEPLOYED
LAST UPDATED   0 seconds ago
CREATED        0 seconds ago
CODE           exports.onExecutePostLogin = async (event, api) => {
                   if (event.request.body['ulp-remember-me']) {
                     api.session.setCookieMode("persistent");
                   } else {
                     api.session.setCookieMode("non-persistent");
                   }
                 };

Was this helpful?

/

Deploy your Action using its id:

auth0 actions deploy <id>

Was this helpful?

/

Navigate to the Auth0 Dashboard > Actions > Triggers > Post-Login to add the new action to the current flow and select Apply.

Optional - Set Session duration for trusted devices

You can use api.session.setExpiresAt() or api.session.setIdleExpiresAt()methods to further customize session lifetimes.

exports.onExecutePostLogin = async (event, api) => {
  if (event.request.body['ulp-remember-me']) {
    api.session.setCookieMode("persistent");

    const now = Date.now();
    api.session.setExpiresAt(now + 7 * 24 * 60 * 60 * 1000); // 7 days
  } else {
    api.session.setCookieMode("nonpersistent");
  }
};

Was this helpful?

/

Test implementation

To verify the session behavior, you can:

Log in using Universal Login, and select the Keep Me Singed In checkbox.

  • In the tenant logs, search for (event types s or ssa)

    • cookie: { mode: "non-persistent" }

    • cookie: { mode: "persistent" }

  • Search for event.session.cookie.mode in your Actions