Auth0 Session Lifetime

claus · March 8, 2021, 10:30am

I see new settings for rotating refresh tokens, as well as absolute token lifetime and inactivity lifetime settings. I have read your article here: Achieving a Seamless User Experience with Refresh Token Inactivity Lifetimes

One big issue we are having as a non-enterprise user of Auth0 is the 3 days of inactivity session limit and also the 30 day absolute limit. This is costing us many users.

However, I see I can set absolute lifetime to 365 days (31557600s) and inactivity lifetime to 30 days (2591999s). This is on our unpaid plan.

Yet I still read here that session lifetime is max 3 and 30 days for non-enterprise users.

So which is right? Can I now set these lifetimes in the auth0 panel and get longer sessions or will these settings be ignored. Confused.

dan.woda · March 8, 2021, 11:09pm

Hi @claus,

The doc you linked is correct, the session lifetimes are as follows:

Inactivity timeout : Timeframe after which a user’s session will expire if they haven’t interacted with the Authorization Server. Will be superseded by system limits if over 3 days for self-service plans or 100 days for enterprise plans.

Require log in after : Timeframe after which a user will be required to log in again, regardless of their activity. Will be superseded by system limits if over 30 days for self-service plans or 365 days for enterprise plans.

Specifically: “Will be superseded by system limits”

Topic		Replies	Views
How to stay logged in forever(ish) Get Help login	12	11483	June 7, 2021
Session life time - extend for developer plan? Get Help auth0 , api	7	2868	March 21, 2020
Session Lifetime Limit — Max 3 Days? How to Configure for Longer Sessions Get Help sessions , authentication-sessions	2	77	November 28, 2025
Increase inactivity timeout Archived content login , timeout , checksession	6	8901	December 2, 2018
Refresh token lifetime and session length Get Help configuration , application	4	4614	July 10, 2023

Auth0 Session Lifetime

Related topics