
How to expire the login session after 24hrs

jwt
auth0

#1

I have a SPA. I believe my application’s session is expired after a couple of hours of idleness. When the user tries to log back in, their credentials are cached and they log in without having to retype their password.

I would like Auth0 to request the user enter their password again after 24hrs. How do I do that?

I tried setting the API’s “Total Expiration (Seconds)” and “Token Expiration for Browser Flows (Seconds)” to 86400 (1 day), but the login is still cached after 1 day.
What setting should I be changing?

Thanks in advance


#2

To force a user to enter their credentials every 24 hours, you need to set the absolute SSO session timeout. This is in the Tenant settings (upper right hand corner drop down in the management dashboard). Go to the “Advanced” section and set the SSO timeout. Note that the timeout is in minutes, so set it to 1440 for 24 hours.


#3

I have a .NET Core application where I have defined, in the Startup class, that cookies expire every 1 hour so the user has to log in again. You can define it this way:
    OnTicketReceived = context =>
    {
        context.Properties.IsPersistent = true;
        context.Properties.ExpiresUtc = DateTimeOffset.UtcNow.AddHours(1);

        return Task.FromResult(0);
    },

#4

Thanks Carlos and Sonia. That seems to work.
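
A client-side complement to the 24-hour limit discussed in this thread, as an added example that is not part of any post: it checks the standard OIDC `auth_time` claim against a maximum authentication age. It assumes the ID token has already been signature-validated by the OIDC library and includes `auth_time`; the function names, the 60-second skew and the sample tokens are constructed for illustration.

```javascript
// Added example, not code from the thread. Assumes the ID token was already
// signature-validated by the OIDC library and carries the standard auth_time claim.
const MAX_AUTH_AGE_SECONDS = 86400; // 24 hours, the limit asked for in the thread
const CLOCK_SKEW_SECONDS = 60;      // assumed tolerance for client clock drift

// Decode the payload segment of a compact JWT. This does NOT verify the signature.
function decodeJwtPayload(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  let b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  b64 += "=".repeat((4 - (b64.length % 4)) % 4); // restore stripped padding
  return JSON.parse(atob(b64));
}

// Decide whether the user must authenticate again. Fails closed.
function reauthDecision(claims, nowSeconds, maxAge = MAX_AUTH_AGE_SECONDS) {
  const authTime = claims.auth_time;
  // A missing or malformed auth_time cannot prove a recent login.
  if (!Number.isInteger(authTime)) {
    return { reauth: true, reason: "missing_auth_time" };
  }
  // A login time in the future (beyond skew) means a bad clock or a bad token.
  if (authTime > nowSeconds + CLOCK_SKEW_SECONDS) {
    return { reauth: true, reason: "auth_time_in_future" };
  }
  const age = nowSeconds - authTime;
  if (age > maxAge) return { reauth: true, reason: "max_age_exceeded", age };
  return { reauth: false, reason: "fresh", age };
}

// Constructed sample token for the demo below (placeholder signature, not a real token).
function makeConstructedToken(claims) {
  const enc = (o) =>
    btoa(JSON.stringify(o)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc(claims)}.constructed-signature`;
}

const now = 1700000000; // constructed "current time" in epoch seconds
const fresh = makeConstructedToken({ sub: "user|1", auth_time: now - 3600 });
const stale = makeConstructedToken({ sub: "user|1", auth_time: now - 90000 });
console.log(reauthDecision(decodeJwtPayload(fresh), now)); // reauth: false
console.log(reauthDecision(decodeJwtPayload(stale), now)); // reauth: true
```

A check like this only decides when the SPA should send the user back to the login page; whether the password prompt actually appears is still governed by the server-side session timeout described in post #2.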