Auth0 Session Lifetime

I see new settings for rotating refresh tokens, as well as absolute token lifetime and inactivity lifetime settings. I have read your article here: Achieving a Seamless User Experience with Refresh Token Inactivity Lifetimes

One big issue we are having as a non-enterprise user of Auth0 is the 3 days of inactivity session limit and also the 30 day absolute limit. This is costing us many users.

However, I see I can set absolute lifetime to 365 days (31557600s) and inactivity lifetime to 30 days (2591999s). This is on our unpaid plan.

Yet I still read here that session lifetime is max 3 and 30 days for non-enterprise users.

So which is right? Can I now set these lifetimes in the Auth0 panel and get longer sessions, or will these settings be ignored? Confused.

Hi @claus,

The doc you linked is correct, the session lifetimes are as follows:

  • Inactivity timeout: Timeframe after which a user’s session will expire if they haven’t interacted with the Authorization Server. Will be superseded by system limits if over 3 days for self-service plans or 100 days for enterprise plans.
  • Require log in after: Timeframe after which a user will be required to log in again, regardless of their activity. Will be superseded by system limits if over 30 days for self-service plans or 365 days for enterprise plans.

Specifically: “Will be superseded by system limits
