If we configure our Tenant Login Session Management Inactivity Timeout value, and also configure individual Application Refresh Token Expiration Inactivity Lifetime, which value takes precedence?
For instance, if the Tenant level were configured at 15 minutes, but the Application level were configured to 20 minutes, which would take effect?
They apply to different things. The session management applies to the session (as represented by a cookie in the Auth0 tenant domain) and the refresh token expiration applies to refresh token usage.
They are very different; you will typically either use a session or a refresh token, but not both.
John
2 Likes
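A simplified model of the answer above, added here as an illustration (it is not Auth0 code and not part of the original posts): two independent inactivity clocks, using the 15-minute and 20-minute values from the question. The names `IdleTimer` and `simulate`, the event labels `authorize` and `refresh`, and the timelines are assumptions made for the example; absolute lifetimes and refresh token rotation are left out.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class IdleTimer:
    """Credential that expires once it goes unused for more than idle_limit minutes."""
    idle_limit: int
    last_used: int = 0                 # minute of issue or of the last successful use
    expired_at: Optional[int] = None

    def alive(self, now: int) -> bool:
        if self.expired_at is None and now - self.last_used > self.idle_limit:
            self.expired_at = self.last_used + self.idle_limit
        return self.expired_at is None

    def use(self, now: int) -> bool:
        """Using a live credential resets only its own inactivity clock."""
        if not self.alive(now):
            return False
        self.last_used = now
        return True

def simulate(events, session_idle=15, refresh_idle=20, end=60):
    """events: (minute, kind) pairs; kind is 'authorize' or 'refresh' (assumed labels)."""
    session, refresh = IdleTimer(session_idle), IdleTimer(refresh_idle)
    log = []
    for minute, kind in sorted(events):
        # 'authorize': the browser presents the session cookie on the tenant domain.
        # 'refresh': the application exchanges its refresh token.
        timer = session if kind == "authorize" else refresh
        log.append((minute, kind, timer.use(minute)))
    session.alive(end)
    refresh.alive(end)
    return {"log": log, "session_expired_at": session.expired_at,
            "refresh_expired_at": refresh.expired_at}

# Constructed timelines, both starting with a login at minute 0.
APP_ONLY_REFRESHES = [(10, "refresh"), (25, "refresh"), (30, "authorize"),
                      (40, "refresh"), (55, "refresh")]
BROWSER_ONLY_SSO = [(m, "authorize") for m in (10, 20, 30, 40, 50)]

if __name__ == "__main__":
    for name, timeline in [("refresh only", APP_ONLY_REFRESHES),
                           ("session only", BROWSER_ONLY_SSO)]:
        print(name, simulate(timeline))
```

In the first timeline the session lapses at minute 15 while the refresh token stays usable; in the second the refresh token lapses at minute 20 while the session stays alive, so neither setting overrides the other.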
Thanks for helping on this one John!
Hi team!
This is a heads-up that we’re hosting an Ask Me Anything (AMA) session dedicated to Auth0 sessions, refresh tokens, and the Management API. Our product experts will be on hand February 12, 2025, from 8 AM to 10 AM PST to answer all your questions—no matter how basic or advanced they may be! You can submit your queries anytime from now until February 11, and we’ll provide detailed written answers during the live event.
This is a fantastic opportunity to learn best practices around session management, refresh token rotation, and the Management API. Plus, everyone who participates gets points and a special badge just for joining in on the fun.
If you have any burning questions (or even casual curiosities!), feel free to drop them in this thread. We can’t wait to see what you’re working on and how we can help you optimize your Auth0 setup. See you there!
Auth0 Community Ask Me Anything: Auth0 Sessions and Refresh Tokens
1 Like