As part of Continuous Session Protection, you can now attach custom key–value data to a user’s session using Actions or the Auth0 Management API. This allows enterprise customers to persist contextual data (such as device name, organization ID, or custom flags) throughout the session lifecycle.
Session Metadata:
Enables storing and retrieving custom metadata directly within Auth0 sessions
Can be set in Post-Login Actions using api.session.setMetadata(key, value) and accessed through event.session.metadata
Is available via the Management API for reading, updating, or evicting metadata during the session’s lifetime
Can be automatically included in OIDC Back-Channel Logout tokens, enabling downstream systems to receive the same metadata context
This feature expands session extensibility, allowing richer integrations, stronger audit trails, and personalized session behavior across applications.
Availability:
Session Metadata is available to Enterprise tenants in Early Access. To enable this feature, reach out to your Technical Account Manager or open a Support Ticket.
Learn more: Session Metadata Documentation
Fetched April 11, 2026