I’m beating a somewhat dead horse, but… We would like to extend the session and token timeout/expiration of the 30/3 days rule (or at the very least bump up the inactivity timeout from 3 days to a total of 30 as well).
This has been asked many times before (in a total of 7-8 topics; I’ll link only a couple for reference):
The reoccurring theme with each is that the session expiration can be moved to a duration of 30 days, BUT the non-configurable inactivity timeout would make this redundant, seeing as the user would be logged out after 3 days of inactivity.
@jmangelo brings up some secret/potential/theoretical plans to provide Auth0 users a way to configure expirations/timeouts:
I can let you know that there are plans to give you more control and flexibility over the session in question which would likely meet all your requirements, but at this time there is not yet definitive information about this.
However, the information I have is that we may want to provide something completely different than just a value setting, for example, a way to define a policy that would evaluate when the session could be reused or considered no longer valid. The side-effect of being more flexible is that it will require more time and meanwhile if just another setting was available it would be another thing that in future could require a migration.
As others in the linked threads, I’m all for a more flexible approach. However, I hope that Auth0 realises that I can’t do much with promises today.
On June 17 @jmangelo wrote that he brought up the issue of extending the inactivity timeout - since I cannot comment under any of the threads linked (they’re all closed) - I’ve created this topic to ask about it here.
We’d really appreciate:
- Increasing/lifting the limit of inactivity timeout (at least until the flexible ruleset has been implemented)
- Letting us know of any potential workarounds that would not break our SPA / API stack
- Giving us a somewhat definitive timeline on the flexible features that have been hinted at
- Counting on Auth0’s understanding nature