Hi @mstart
Thank you for posting your question on our Community page and sorry for the late reply.
If your session is configured in your tenant as a persistent one users remain logged in because the application session is not cleared when the Auth0 session expires, so a call to the /logout
endpoint is required after the inactivity timeout.
As for the Non-Persistent sessions remaining active after the expiration lifetime of the session, you can check more on this Knowledge Article.
I hope this helped,
Remus