3 day inactivity timeout on essential plan

Do our users really get logged out if they don’t use our app every 3 days, regardless of any other session / refresh token settings? This is a nightmare user experience scenario for us.

Seems like a questionable (at best) tactic to get people to pay for a higher tier on Auth0, especially struggling bootstrapped startups like us that are trying to do everything they can to give users the best possible experience and retain customers. We don’t have the money to pay for an enterprise plan. Is there anything we can do? Other than hacking in an insecure workaround, like a backend “keep-alive” job, which would require us to store users’ refresh tokens.

Am I missing something here? There are a lot of other posts on the same topic, so I imagine I am not:

https://community.auth0.com/t/short-inactivity-timeout/57918

https://community.auth0.com/t/handling-short-inactivity-timeout-and-user-acceptance-of-repeated-session-expiration/31363

https://community.auth0.com/t/handling-short-inactivity-timeout/50405

https://community.auth0.com/t/increase-inactivity-timeout-and-require-log-in-after-on-the-essentials-plan/81337

https://community.auth0.com/t/auth0-increase-inactivity-timeout/75735

https://community.auth0.com/t/auth0-session-lifetime/59055

https://community.auth0.com/t/is-it-possible-to-use-auth0-for-long-term-web-authentication/20550/2

https://community.auth0.com/t/how-to-stay-logged-in-forever-ish/62926/10

Hi @john.bryant,

Thanks for reaching out to the Auth0 Community!

Yes, that is correct. Our documentation states the following:

image798×239 19.5 KB

I recommend using the Refresh Token Rotation technique to persist the user session longer than 3 days, as you have found.

Doing so would be the best way to extend the user’s session.

Please let me know how this works for you.

Thanks,
Rueben

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.