Question about session lengths

Hi, our users currently have to log in every time they close their browser out even though our account lengths for login sessions is 3 days for inactive and 7 days regardless.

We are also having issues that timeout after being on our site for a few hours playing our games.

How can we make sure that our users sessions stay active for the full 7 days and they don’t have to keep logging in every time they have a new browser opened or are on our site for a long time.

Thanks!

Hi @holyfiregames,

Welcome to the Auth0 Community Forum!

Can you give us more context?

How are you implementing auth0, SPA/native/regular web app, how are you storing tokens, what do you mean new browser (new window/tab, or switching from chrome to firefox), are you using an auth0 library or quickstart?

Hi, @dan.woda. I’m working with @holyfiregames. Thanks for your response.

To log our users in, we’re using a cURL request to ‘/oauth/token’ to obtain the access token, then using the PHP SDK (Auth0\SDK\API\Authentication::userinfo()) to get the user info.

That part is all working fine.

We then create an Auth0\SDK\Auth0 object and call the setUser() method to store the user info. The problem was that when a user would be idle for awhile or shut the browser down (starting a new session), they would get logged out.

Since then, I changed it to also store the access token, which may have been the issue, but any advice on how to do it better would be great.

Thanks!

Hi @codingmusician,

You can store the token to keep the session persisted then prompt for login if the user has been inactive or the token is expired (7 days in your case). Have you looked at the php quickstart here?

In addition, you could use a refresh token to create a long lived session, although your use-case this might not be necessary.

If you want some review of your implementation, feel free to post your code!

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.