Persistence in Firebase

When a user logs into our Firebase application, the user’s authentication state is persisted by default, until the user explicitly signs out. This is convenient because requiring a user to sign in whenever the user visits our application or reloads the browser is a bad user experience. However, there are situations where this behavior might not be ideal. hen a user logs in on a publicly shared device, forgets to sign out, or when our application holds sensitive information, we need to override this default behavior.

Using the Firebase Authentication SDK, we can specify how users’ authentication states persist and what conditions should trigger another sign-in from the users. These conditions include reloading the page or closing the browser window, and so on.

Supported persistence types

The Firebase Authentication SDK supports three types of authentication state persistence.

• Local: This type of persistence indicates that users’ authentication states persist even when the browser window is closed. This means that an explicit sign-out from the user is required to clear the authentication state. With Firebase, this is done with the browserLocalPersistence function imported from the firebase/auth subpackage.

• Session: The authentication state will only persist in the current tab or the browser session and is cleared once the tab is closed. This form of persistence only applies to web applications. In Firebase, we use this by calling the browserSessionPersistence function.

• None: This indicates that the authentication state clears whenever the window or activity refreshes. This persistence is set by using the inMemoryPersistence function on the Firebase Authentication SDK.

Modify persistence in Firebase

We use the setPersistence function to modify authentication state persistence in Firebase. This function takes three arguments: the auth instance, the type of persistence to use, and a promise that resolves once the persistence change completes: