I want to set session expiry specific to a user

I want to set session expiry specific to a user based on some rules stored in my database.

I tried following the post-login Actions article: https://auth0.com/docs/manage-users/sessions/manage-sessions-actions

The problem is that it is setting session expiry for that particular post-login interaction.

  1. I want to update session expiry for the user’s complete session. Is there any way to do that?
  2. Is there any way to know the user’s last login time, so that I can set the session expiry based on that?

```javascript
// I want to use login time instead of .now()
const nowInSeconds = Math.floor(Date.now() / 1000);

api.session.setIdleExpiresAt(nowInSeconds + 10);

api.session.setExpiresAt(nowInSeconds + 10);

console.log(`Session will expire at ${nowInSeconds + 15}`);
```

Hi @khushbu,

Welcome back to the Auth0 Community!

You have correctly identified how to get the user’s last login: the Date.now() call takes place right after a successful login, since it executes in a Post-Login Action. This could also be checked using the event.session.created_at option (note that this option is only available for Enterprise customers).

Since you are mentioning ‘complete session’, my guess is that you are trying to set an absolute lifetime for the user session. Your action’s code looks correct to me, but a more robust action code that should work for your use case could be similar to:

```javascript
exports.onExecutePostLogin = async (event, api) => {
  const currentTimeMs = new Date().getTime(); // Date.now() would work as well
  const tenSeconds = 10 * 1000;
  const absolute = currentTimeMs + tenSeconds;
  api.session.setExpiresAt(absolute);
  api.refreshToken.setExpiresAt(absolute);
  console.log(`setting expiration: `, absolute);
};
```

You could also check if the session exists, but please be aware that the Session ID in a Post Login Action is listed as optional and can be undefined. Please also note that the api.session.setIdleExpiresAt(idle) method sets the session inactivity timeout for the current interaction. If the method is not reapplied, subsequent successful interactions will override the inactivity timeout using the session inactivity timeout settings.

I hope this helps and if you have further questions please let me know!
Thank you,
Remus
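
The approach discussed in this thread, as an added example that is not part of either post and not Auth0's own code: a Post-Login Action that anchors a per-user absolute lifetime on event.session.created_at (falling back to the current time when it is unavailable) and reapplies an idle limit on every interaction. The rule table, the `session_tier` app_metadata field and the helper names are assumptions standing in for the database rules; timestamps are in milliseconds, as in the reply above.

```javascript
// Added example. The rule table and `session_tier` field are constructed
// stand-ins for per-user rules loaded from a database.
const LIFETIME_RULES_MS = new Map([
  ['admin', 15 * 60 * 1000],        // privileged users: short absolute lifetime
  ['standard', 8 * 60 * 60 * 1000],
]);
const DEFAULT_LIFETIME_MS = 60 * 60 * 1000;
const IDLE_TIMEOUT_MS = 10 * 60 * 1000;

// Pure calculation, so the result can be checked without a tenant.
function computeExpiry(event, nowMs) {
  const tier = event.user?.app_metadata?.session_tier;
  const lifetime = LIFETIME_RULES_MS.get(tier) ?? DEFAULT_LIFETIME_MS;
  // Anchor on session creation when it is exposed, otherwise on "now".
  const raw = event.session?.created_at;
  const created = raw ? new Date(raw).getTime() : NaN;
  const anchor = Number.isFinite(created) ? created : nowMs;
  const absolute = anchor + lifetime;
  // The idle expiry must never outlive the absolute limit.
  const idle = Math.min(nowMs + IDLE_TIMEOUT_MS, absolute);
  return { absolute, idle };
}

// Applies the limits through the Actions api object; returns what it did.
function applyExpiry(event, api, nowMs) {
  if (!event.session?.id) return 'no-session'; // session ID can be undefined
  const { absolute, idle } = computeExpiry(event, nowMs);
  api.session.setExpiresAt(absolute);
  api.session.setIdleExpiresAt(idle); // must be reapplied on each interaction
  api.refreshToken.setExpiresAt(absolute);
  return 'set';
}

const onExecutePostLogin = async (event, api) => {
  applyExpiry(event, api, Date.now());
};
if (typeof exports !== 'undefined') exports.onExecutePostLogin = onExecutePostLogin;
```

Because the absolute limit is computed from the session's creation time, running the Action again on a later interaction yields the same timestamp instead of pushing the expiry forward.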