api.session.setExpiryAt() in post-login action fails to expire session

Using an post-login action to expire the session to a configured length of time for a particular customer.

Referencing the code below, I see that the relevant setExpiryAt() calls are executed because I see “Session/token expires in…” in the Action Execution logs for my login tests.

And yet my session does not expire. What am I missing?

Here’s the relevant code:

        ...
    if (sessionTimeoutMinutes) {
      if (!event.session) {
        console.log("!!!!! event.session undefined")
      }
      else if (!event.session.id) {
        console.log(`!!!!! no session.id - session: ${JSON.stringify(event.session)}`)
      } else {
        const expirationTimeMs = sessionTimeoutMinutes * 60 * 1000;
        const expiresAt = Date.now() + expirationTimeMs;
        api.session.setExpiresAt(expiresAt);
        api.refreshToken.setExpiresAt(expiresAt);
        console.log(`>Session/token expires in ${sessionTimeoutMinutes} min at ${(new Date(expiresAt).toISOString())}`);
      }
    }

Hi @terren

Welcome to the Auth0 Community!

I would advise to you review the following documentation and knowledge article regarding the matter:

• Sessions with Actions
• User remains logged in after inactivity timeout

If you have any other questions or still facing issues after reviewing them, feel free to leave a reply!

Kind Regards,
Nik

Hi @terren were you able to resolve this issue ? I am facing the same.

Hi @khushbu

I am sorry about the delayed reply.

Do you still experience issues with setting specific session expiration for your application?
Have you checked out our documentation referenced above?

If yes, could you share more about the application/tenant configuration you have for your session and share your action code?

Kind Regards,
Nik

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.