One big issue we are having as a non-enterprise user of Auth0 is the 3 days of inactivity session limit and also the 30 day absolute limit. This is costing us many users.
However, I see I can set absolute lifetime to 365 days (31557600s) and inactivity lifetime to 30 days (2591999s). This is on our unpaid plan.
Yet I still read here that session lifetime is max 3 and 30 days for non-enterprise users.
So which is right? Can I now set these lifetimes in the auth0 panel and get longer sessions or will these settings be ignored. Confused.
The doc you linked is correct, the session lifetimes are as follows:
Inactivity timeout : Timeframe after which a user’s session will expire if they haven’t interacted with the Authorization Server. Will be superseded by system limits if over 3 days for self-service plans or 100 days for enterprise plans.
Require log in after : Timeframe after which a user will be required to log in again, regardless of their activity. Will be superseded by system limits if over 30 days for self-service plans or 365 days for enterprise plans.
Specifically: “Will be superseded by system limits”