Throughout the user session, your application may need to request additional tokens or renew expired ones.
These settings apply to all applications within your tenant and should be configured to align with the security model that matches your use case.Īpplication Session: Your application must also maintain a concept of a session. The session_lifetime is the maximum duration that the session is allowed to remain alive. The idle_session_lifetime is how long the session will remain alive without interaction. There are two tenant settings that determine the length of the Auth0 Session:
This session is maintained by Auth0 and referenced as a cookie bound to your tenant domain (or CNAME). Each serves a separate purpose and requires some consideration to achieve the desired user experience.Īuth0-provided SSO Session: Auth0 provides a session for enabling Single Sign On (SSO) to allow your user to maintain an authentication session without being prompted for credentials more than once. There are two separate user sessions initiated in this situation. This is a simple solution to implement, however, it can cause issues in cases where a cookie does not persist. You can use a cookie or the browser session to store a return URL value.
0 kommentar(er)
