Issues with Auth0 NextJS Session Expiration

I am using Auth0 to manage authentication in a NextJS application, and I am having issues with the session expiration. I would like the session to expire and the user to be logged out after 15 minutes of inactivity, or whenever they close their browser, but no matter what settings I change within Auth0, I haven’t been able to achieve this behavior. Within the Auth0 tenant settings, I’ve changed the session policy to “Non-persistent” and I’ve set the idle session lifetime to 15 minutes. I’ve also set the maximum session lifetime to 1 hour, but this doesn’t seem to be having an effect either. Is there another setting that I could be missing?

Thanks!

Hi @tyler.heathcote,

Welcome to the Auth0 Community!

Can you try changing the Maximum Session Lifetime setting to 15 minutes and observe the result?

Setting the session policy to “Non-persistent” will ensure the session ends when the browser closes. Are you using refresh token rotation?

Session documentation that may prove useful:

Thanks,

Mary Beth

Hi Mary Beth,

Thanks for the response. I have set the session policy to “Non-persistent”, the idle session lifetime to 15 minutes, and the maximum session lifetime to 15 minutes. Still, I logged into my application yesterday, completely closed out of my browser, and when returning to my website today, the session persisted and I was still logged in.

I am not using refresh token rotation, and I have attached a screenshot of my current settings for id token expiration and refresh token expiration. Please let me know if you can provide any further assistance, thank you!

Hi @marybeth.hunter - can you please provide any further guidance?

Thank you,
Tyler

Hi @tyler.heathcote,

Thank you for your replies, and I apologize for the delay. I’ve been out of the office.

Could you kindly take a look at this article: Why Users Remain Logged In After the Inactivity Timeout

Specifically regarding the examples with the browser. I believe the settings are all configured correctly, but the session is not being cleared.

I look forward to your reply!

Thanks,

Mary Beth