Problem Statement
How much time does it take for the state parameter to expire?
Solution
The state length/validation is controlled by the session lifetime settings (See Configure Session Lifetime Settings ), specifically the Require log in after and Inactivity timeout.
The maximum lifetime for inactive sessions is 3 days (72 hours) for Developer or Developer Pro or 100 days (2,400 hours) for enterprise plans.
The Require log in after is the timeframe (in minutes) after which a user will be required to log in again, regardless of their activity. Will be superseded by system limits if over 43,200 minutes (30 days) for Developer or Developer Pro or 525,600 minutes (365 days) for enterprise plans.