Auth0 Home Blog Docs

Extend SSO session

sso
session
website
asp

#1

Hi,

For a little context, we have multiple websites deployed and each contains a link to login (signup disabled).
It forwards the browser to Auth0 login page which has SSO enabled. So if the user signed-in on one portal, he automatically gets signed-in on the second.
We would like to decrease the SSO lifetime to 1 hour. However if the user remains active on one website, we need to keep extending the SSO lifetime to remain 1 hour. This can either be done in ASP.NET (server side) or preferably in JS (client side).

Is it possible to ask Auth0 with an API call, to extend the SSO token lifetime?

Thanks in advance,
Mathijs


#2

This is currently not possible, although the session has both an absolute and idle timeout, the idle timeout is not configurable at the moment.


#3

“No” is also an answer.
There is indeed an option to change the absolute timeout to any value. Let’s see if that’s sufficient :slight_smile:

Thanks!


#4

“No” is also an answer.
There is indeed an option to change the absolute timeout to any value. Let’s see if that’s sufficient :slight_smile:

Thanks!


#5

We’re also very interested in being able to do this (standard feature as part of ASP.NET Sessions, and IdentityServer also supports it).

Are there any plans to get this on the/a roadmap?

Failing that, is there any way we can emulate it?


#6

We’re also very interested in being able to do this (standard feature as part of ASP.NET Sessions, and IdentityServer also supports it).

Are there any plans to get this on the/a roadmap?

Failing that, is there any way we can emulate it?


#7

This is something that has been discussed and the outcome was that this should indeed be available, but I don’t have any available information to share about possible timelines. With regards to emulating it, maybe in some specific circumstances and would likely involve the client application calling into the logout endpoint as means to terminate the session if it judges the user to have been inactive. The issue would be how to judge inactivity if you have multiple independent client applications.


#8