Auth0 Home Blog Docs

For how long are users authenticated?


#1

Using the auth0-js API, I can call authorize for a user to get initial authorization and then call checkSession periodically to get an updated JWT.

What controls the amount of time that the user is “authorized”, such that I can call checkSession? Is there any kind of expiry of this state? If so, can that expiry time be controlled?


#2

Check the settings of your Application, at the bottom there is a setting “JWT Expiration”.


#3

That’s the expiry time of a JWT, is it not?


#4

Sorry, thought that would be the same?


#5

:wave: @dan.rumney the lifetime of a session can be set at the SSO Cookie Timeout setting in tenant settings which by default I believe is 7 days and can be set to a maximum of 30 days. However, there is also an inactivity timeout that is currently non-configurable and set to 3 days.