Custom session expire date #2790
-
Question 💬I want to modify the session expire date to keep it consistency with a one of the token expire date from server. Currently what I did is just to change the session by
You can see there are some format difference between two strings; My question: Is this enough to be handled automatically by
|
Beta Was this translation helpful? Give feedback.
Replies: 3 comments 8 replies
-
The session expiry is not the same as a third party access token. next-auth rotates the session expiry, meaning whenever the client contacts the backend, it will update the session expiry date. (which is basically the cookie lifetime) with other words, the session doesn't have a fixed/absolute expiry time as usually access tokens have. If the user doesn't open the page for a while, the cookie will expire and will be removed automatically. so make sure the session expiry is always lower than your access token expiry date, if you cannot refresh the access token. hope that makes sense! |
Beta Was this translation helpful? Give feedback.
-
@aboveyunhai how have you implemented the access token rotation logic? So I was wondering how you have got it to be happening automatically. |
Beta Was this translation helpful? Give feedback.
-
I have a requirement that when closing browser it should expire session. how can we achive it |
Beta Was this translation helpful? Give feedback.
The session expiry is not the same as a third party access token. next-auth rotates the session expiry, meaning whenever the client contacts the backend, it will update the session expiry date. (which is basically the cookie lifetime)
with other words, the session doesn't have a fixed/absolute expiry time as usually access tokens have.
If the user doesn't open the page for a while, the cookie will expire and will be removed automatically. so make sure the session expiry is always lower than your access token expiry date, if you cannot refresh the access token.
hope that makes sense!