Problem statement
I use Auth0 with nextjs-auth0 (GitHub: auth0/nextjs-auth0, the Next.js SDK for signing in with Auth0). From what I understand, there are two sessions in this context.
- session A: a session to Auth0 (configured with Configure Session Lifetime Settings)
- session B: a session to Next.js API (configured with SessionConfig | @auth0/nextjs-auth0)
So even if I set “Inactivity timeout: 10 minutes” for session A on the Auth0 dashboard, which forces the user to log in again after 10 minutes without operation, session B is alive.
I want to sync these two sessions, or in other words, let the user experience “same logout timing”.
Is there any way to achieve this?
Cause
There is no built-in handler for this in the Next.js SDK; however, silent authentication can be configured.
Solution
Please see this example here of how to perform a check against Auth0 for the user’s session when using the Next.js SDK. The request will return a login_required error if the user no longer has a session with Auth0:
This is utilizing the silent authentication behavior documented here:
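The silent check described above, sketched as an added example (this is not the example the article links to and not the nextjs-auth0 API): it builds the standard OIDC `/authorize` request with `prompt=none` and decides from the callback whether the local Next.js session should be cleared. The function names, tenant domain, client ID and URLs are hypothetical, and treating `consent_required` and `interaction_required` like `login_required` is an assumption that goes beyond the single error the article names.

```javascript
// Added example. buildSilentAuthUrl and classifySilentAuthResult are
// hypothetical helper names; all sample values are constructed.

// Build the /authorize request for a silent check. prompt=none asks the
// authorization server to answer from its existing session without any UI.
function buildSilentAuthUrl({ domain, clientId, redirectUri, state }) {
  const url = new URL(`https://${domain}/authorize`);
  url.search = new URLSearchParams({
    response_type: 'code',
    client_id: clientId,
    redirect_uri: redirectUri,
    scope: 'openid',
    prompt: 'none',
    state, // must be random per request and stored server-side
  }).toString();
  return url.toString();
}

// OIDC errors meaning "cannot sign the user in without interaction".
const NEEDS_INTERACTION = new Set([
  'login_required',
  'consent_required',
  'interaction_required',
]);

// Decide what to do with the local (Next.js) session from the callback URL.
function classifySilentAuthResult(callbackUrl, expectedState) {
  const params = new URL(callbackUrl).searchParams;
  // Ignore callbacks that do not carry the state value we issued.
  if (!expectedState || params.get('state') !== expectedState) {
    return { action: 'reject', reason: 'state_mismatch' };
  }
  const error = params.get('error');
  if (error && NEEDS_INTERACTION.has(error)) {
    // The Auth0 session is gone: end the application session as well.
    return { action: 'clear_local_session', reason: error };
  }
  if (error) return { action: 'reject', reason: error };
  if (params.get('code')) {
    return { action: 'keep_local_session', reason: 'auth0_session_active' };
  }
  return { action: 'reject', reason: 'malformed_callback' };
}
```

Running the check on a timer or before sensitive API calls keeps the application session from outliving the Auth0 session by more than one check interval.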