For our company’s data retention policy, we require that all cookies we set expire after a maximum of 2 years.
We’re using the hosted login page with a custom domain, and we noticed that there is a _csrf cookie being set with a max-age of 864000000 seconds (~27 years).
Is it possible for the _csrf token to be set to expire sooner than that?
Hey @joshuak. There’s no way to configure the duration of the cookie, but it could definitely be set to a much shorter duration. Can you explain this same requirement at Auth0: Secure access for everyone. But not just anyone.? That goes directly to the Product team.