When to set Firebase auth state persistence

5
votes

according to the guide, the firebase auth state persistance is set before the actual login method is called:

firebase.auth().setPersistence(firebase.auth.Auth.Persistence.SESSION)
  .then(function() {
    // Existing and future Auth states are now persisted in the current
    // session only. Closing the window would clear any existing state even
    // if a user forgets to sign out.
    // ...
    // New sign-in will be persisted with session persistence.
    return firebase.auth().signInWithEmailAndPassword(email, password);
  })
  .catch(function(error) {
    // Handle Errors here.
    var errorCode = error.code;
    var errorMessage = error.message;
  });

See https://firebase.google.com/docs/auth/web/auth-state-persistence

However, shouldn't it be the other way around? Shouldn't I first ensure that the login was successful and then attempt to set the persistence?

In the suggested approach, a user could have like 10 wrong login attempts, and everytime he would request firebase to set the persistence, even if the login was not successful.

It would be the same for Signup for instance. Is there an actual way to set the firebase auth persistance persistantly to SESSION or NONE by default?

1
firebasefirebase-authentication

1 Answers

0
votes

Actually, it is quite flexible. You can set it once and the last setting will always be applied. You don't need to that each time. It will remember the last persistence setting as long as you don't reload the page.

Also you have the ability to change the persistence after sign in. So if the user signs in and the default persistence was used and then you set persistence to SESSION, the user state will be converted to SESSION.