Inactivity timeout

After 15min of inactivity, we would like the user to log in again in order to use our application.

In Dashboard > Tenant Settings and in the Advanced tab, there is “Inactivity timeout” which sounds exactly what I want to do. So I set it to 15 minutes and click on “save”.

After that:

  • I go to my website
  • I log in
  • I do nothing for 15min
  • I refresh the page but I’m still logged in! Why?

Hmm that’s weird. Can you provide me with more context around what your app is and what parts of our stack you used to create the security part around it? Thank you!

Thank you Konrad for your response.

My application is in Javascript (node, express) and I’m using express-openid-connect:

import { auth } from 'express-openid-connect';
import 'global-agent/bootstrap';
import appConfig from '../utils/config';

// global-agent is required because we use a proxy.
// it uses by default the environment variable GLOBAL_AGENT_HTTP_PROXY.
// It may conflict with nock.

const { auth0 } = appConfig;

// https://auth0.github.io/express-openid-connect/interfaces/configparams.html
const configParams = {
  authRequired: false,
  auth0Logout: true,
  baseURL: auth0.baseUrl,
  clientID: auth0.clientId,
  issuerBaseURL: auth0.issuerBaseUrl,
  secret: auth0.secret,
  clientSecret: auth0.clientSecret,
  routes: { callback: '/auth0/callback', login: '/auth0/login', logout: '/auth0/logout' },
  authorizationParams: {
    // eslint-disable-next-line @typescript-eslint/camelcase
    response_type: 'code',
    scope: 'openid profile email read:users',
    audience: appConfig.apis.audience.endpoint,
  },
};

export default auth(configParams);

To test more quickly, I set the inactivity timeout to 1min.
I open a window (chrome) and log in to my website.
I keep the window open but do nothing for 1 min (there is no activity in the “network” tab when inspecting the page).
Then I reload the page (command+r), and I can still see my page (I’m not redirected to the login page).

Can you see something that I’m missing?
Let me know if you need more info!

do you see anything wrong in the config @konrad.sopala ?

Yep same problem here, any update?

Same problem here. Did you guys solve this some way?

Same issue here, it looks like the setting has no effect at all.