Check session without extending it

We have a SPA for the medical field. Our requirements state that after 30 minutes of inactivity, the user must be logged out and their screen be cleared of all data (i.e. redirected to logout).

I know that I can set the inactivity timeout via Log In Session Management >> Inactivity timeout

In the client, I would like to periodically check if the session is still valid (inactivity timeout has not been reached). If the session has ended, then I would redirect them to the login screen.

What I cannot seem to figure out is how to check the session in such a way that will not extend it. Is there such an api?

Thanks!

Hi @luke3,

Welcome to the Community!

In order to investigate this further, which SDK are you using (e.g., auth0-spa-js, auth0-react)?

Also, have you set the ID Token lifetime to be shorter than 30 minutes? Update ID Token Lifetime

This documentation may be helpful:

Hi @stephanie.chamblee,

We’re using auth0-spa-js in a vue app. Yes, we’ve set the id token lifetime :slight_smile:
LC

Hi @luke3,

You can use the getTokenSilently method to check on the session without extending it. If the token is valid, the token will be returned. If the user has a valid session that has not timed out, then a new token will be returned. Otherwise, a login_required error will be thrown.

To make sure this does not extend the session, I did a quick test in the Vue Quickstart by updating my tenant’s inactivity timeout to 3 minutes and the ID Token lifetime to 2 minutes and updated the app’s src/components/NavBar.vue file:

<script>
export default {
  name: "NavBar",
  methods: {
    login() {
      this.$auth.loginWithRedirect();
    },
    logout() {
      this.$auth.logout();
      this.$router.push({ path: "/" });
    },
    check() {
      const logout = this.logout;
      this.$auth.getTokenSilently().then((token) => {
        console.log(token)
      }).catch((e) => {
        console.error({e});
        if (e.error === 'login_required') {
          logout();
        }
      });
    }
  },
  mounted: function () {
    // Check every 10 seconds if their session exists with Auth0. If not, log them out.
    const CHECK_INTERVAL = 10000; // in ms
    const check = this.check;
    function initInterval() {
      setInterval(() => {
        check();
      }, CHECK_INTERVAL);
    }
    initInterval();
  }
};
</script>

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.