Check session without extending it - NEED AN ACTUAL SOLUTION

This is a repeat of: Check session without extending it - The solution provided does not solve the problem.

We have a React SPA in the finance field. Our requirements state that after 10 minutes of inactivity, the user must be logged out and their screen be cleared of all data (i.e. redirected to logout). This should happen automatically. Not as a consequence of calling getTokenSilently (which extends the sessions / refresh token)

I know that I can set the inactivity Lifetime of a refresh token but I have no way of checking if the user has breached this or not without calling getTokenSilently - which in turn renews the inactivity time.

In the client, I would like to periodically check if the inactivity lifetime of the refresh token is still valid (inactivity timeout has not been reached). If the session has be reached, then I would redirect to perform an action.

What I cannot seem to figure out is how to check the session in such a way that will not extend it. Is there such an api?

Ideally i want a checkSession hook/request.

Thanks!

1 Like

Agreed. I tried using the attemptSilentLogin function in the express-openID-connect module and it did count as activity.