Why does changing ID token expiration to 1 second not log me out?

My understanding is that ID token is ressponsible for authenticating the user. Surely then when it expires I’m supposed to be logged out of the app?

Why does changing the below setting not achieve this? Or is my understanding wrong?
image

Hi @ilmoi

It is either an access token or a session that determines if you are logged in, most likely a session.
See this page: https://auth0.com/docs/sessions-and-cookies

John

1 Like

Yep ID tokens are used in token-based authentication to cache user profile information and provide it to a client application, thereby providing better performance and experience. The application receives an ID token after a user successfully authenticates, then consumes the ID token and extracts user information from it.

Makes sense. Thanks for guiding me.

For anyone looking to log out users fasters, the parameters to do so are under tenant settings:

1 Like

Thanks for sharing that with the rest of community!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.