Hi @eliahut ,
Welcome to the Auth0 Community!
We have a couple of FAQs related to the user session not ending as per the inactivity period config. Have you got a chance to check them out?
Problem Statement:
We set the Refresh Token Inactivity Expiration to 15 seconds in the applications setting. Why is our Web App still alive after 15 seconds?
Our current Login Session Management settings are (1) Non-Persistent Session. Inactivity timeout: 1 minute, and (2) Require login after: 60 minutes. With this setting, our app remains logged in after 1 minute of inactivity or after the app is closed and then reopened.
Solution:
Session lifetime and refresh token lifetime are two separat…
Problem Statement:
In our tenant we have non-persistent sessions enabled. But when the tab, window, or browser is closed and reopened, the session persists.
Solution:
There could be a couple reasons for sessions persisting. The browser being used, the browser settings, and the operating system all can affect this feature.
If the user has a session restore setting on the browser enabled, restoring the session also restores the session cookie.
Additionally closing the tab by itself is not eno…
In case of further queries, I am happy to look into this further. Please DM me your tenant name and a screenshot of the Login Session Management setting. Thanks!