I want to have the following setup:
- A user session that expires after 30 minutes of inactivity, but gets extended while the user is active
- API access tokens that expires after 5 minutes (or less), but gets renewed while the user is active
Though I’m struggling a bit of setting this up in my SPA (I use
auth0-react). How should I make sure that while the user is active:
- The user session gets extended?
- Let’s say the user is active for 29 minutes, then goes inactive. Will the session expire after 1 minute even though he/she only has been inactive for 1 minute? Or can I make sure the session lifetime is extended somehow?
- The API access token gets renewed?
And while the user is inactive:
- The user is logged out after 30 minutes? Do I need to set a manual timer to do this?
- The API access token is not renewed after 30 minutes?