I see new settings for rotating refresh tokens, as well as absolute token lifetime and inactivity lifetime settings. I have read your article here: Achieving a Seamless User Experience with Refresh Token Inactivity Lifetimes
One big issue we are having as a non-enterprise user of Auth0 is the 3 days of inactivity session limit and also the 30 day absolute limit. This is costing us many users.
However, I see I can set absolute lifetime to 365 days (31557600s) and inactivity lifetime to 30 days (2591999s). This is on our unpaid plan.
Yet I still read here that session lifetime is max 3 and 30 days for non-enterprise users.
So which is right? Can I now set these lifetimes in the auth0 panel and get longer sessions or will these settings be ignored. Confused.