Auth0 Session Timeout Not Working for Next.js SPA

Problem statement

Auth0 session timeout does not work for Next.js SPA.

In Tenant Settings > Advanced > Session Management, the following was configured:

  1. Enabled “Persistent Session”;
  2. “inactivity timeout”: 1 minute;
  3. “required login after”: 1 minute.

However, after logging into the application and waiting for over 1 minute, the user is not logged out if the URL is refreshed.

Cause

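The Next.js SDK maintains its own session, separate from the Auth0 tenant session, so the tenant's session timeout settings do not end the application session. Details are in the article Sync session with Auth0 when using Next.js.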

Solution

Set the AUTH0_SESSION_ROLLING_DURATION in the Next.js SDK to the same timeout value as in the Auth0 Tenant Setting.
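
The following is an added example, not code from the Next.js SDK or from Auth0: a simplified model of the two independent sessions that shows why a refresh after 90 seconds keeps the user logged in until the SDK's rolling duration matches the tenant setting. The function names, the outcome labels and the SDK default values (1 day rolling, 7 days absolute) are assumptions made for the illustration.

```javascript
// Added illustration: a simplified model of session expiry, not SDK code.
// All times are in seconds; every name below is hypothetical.

// A session ends at whichever limit is reached first: the inactivity
// (rolling) window counted from the last activity, or the absolute
// lifetime counted from creation.
function expiresAt(session, limits) {
  return Math.min(
    session.lastActivity + limits.rollingDuration,
    session.createdAt + limits.absoluteDuration
  );
}

function isActive(session, limits, now) {
  return now < expiresAt(session, limits);
}

// Outcome of refreshing the page at `now` after logging in at `login`
// with no activity in between. The app looks at its own session first;
// the tenant session only matters once the app session has expired and
// the browser is redirected to Auth0.
function onRefresh(now, login, sdkLimits, tenantLimits) {
  const session = { createdAt: login, lastActivity: login };
  if (isActive(session, sdkLimits, now)) return "still-logged-in";
  return isActive(session, tenantLimits, now) ? "silent-relogin" : "login-prompt";
}

// Tenant settings from the article: 1 minute for both limits.
const TENANT = { rollingDuration: 60, absoluteDuration: 60 };
// Assumed SDK defaults: 1 day rolling, 7 days absolute.
const SDK_DEFAULT = { rollingDuration: 86400, absoluteDuration: 604800 };
// AUTH0_SESSION_ROLLING_DURATION=60, matching the tenant inactivity timeout.
const SDK_ALIGNED = { rollingDuration: 60, absoluteDuration: 604800 };

console.log(onRefresh(90, 0, SDK_DEFAULT, TENANT)); // still-logged-in
console.log(onRefresh(90, 0, SDK_ALIGNED, TENANT)); // login-prompt
```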
