To configure a session lifetime, you can use the Auth0 Dashboard, Management API, or a Post-Login Action.

Auth0 Dashboard

To configure the session lifetime using Auth0 Dashboard:
  1. Navigate to Dashboard > Tenant Settings and select the Advanced view.
  2. Under Session Expiration, you can configure:
| Session Policy | Description |
| --- | --- |
| Idle Session Lifetime (Persistent) | Maximum time (in minutes) of inactivity before a persistent session expires. |
| Idle Session Lifetime (Non-Persistent) | Maximum time (in minutes) of inactivity before a non-persistent session expires. |
| Maximum Session Lifetime (Persistent) | Maximum time (in minutes) a persistent session can exist, even if the user is active. |
| Maximum Session Lifetime (Non-Persistent) | Maximum time (in minutes) a non-persistent session can exist, even if the user is active. |
Dashboard > Tenant > Settings > Advanced > Session Expiration

Auth0 Management API

To configure the session lifetime using the Auth0 Management API:
Calls to the /api/v2/tenants/settings endpoint require a Management API access token with the update:tenant_settings scope.
Make a PATCH request to the /api/v2/tenants/settings endpoint:
cURL
curl --request PATCH \
  --url 'https://<your-domain>/api/v2/tenants/settings' \
  --header 'Authorization: Bearer MGMT_API_ACCESS_TOKEN' \
  --header 'Content-Type: application/json' \
  --data '{
    "session_lifetime": SESSION_LIFETIME_VALUE,
    "idle_session_lifetime": IDLE_SESSION_LIFETIME_VALUE,
    "ephemeral_session_lifetime": EPHEMERAL_SESSION_LIFETIME_VALUE,
    "idle_ephemeral_session_lifetime": EPHEMERAL_IDLE_SESSION_LIFETIME_VALUE
  }'
| Parameter | Description |
| --- | --- |
| session_lifetime | Maximum duration (in hours) for absolute timeout. |
| idle_session_lifetime | Maximum duration (in hours) before a session expires due to inactivity. |
| ephemeral_session_lifetime | Maximum duration (in hours) for absolute timeout. |
| idle_ephemeral_session_lifetime | Maximum duration (in hours) before a session expires due to inactivity. |

Auth0 Post-Login Actions

You can configure session behavior dynamically using api.session methods with a post-login Action. This allows you to override default tenant session settings on a per-login basis, based on user or context-specific logic. Use cases include:
  • Shortening timeouts for high-risk logins
  • Extending timeouts for trusted users or organizations
  • Adjusting cookie persistence based on application type
The api.session methods available to configure session lifetimes are:
  • api.session.setExpiresAt
  • api.session.setIdleExpiresAt
  • api.session.setCookieMode
The api.session methods only apply to the current session and must be called during the login transaction. These methods require that the event property event.session.id is available.
To learn more, read Sessions with Actions.
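The following post-login Action is an added example, not code from Auth0's documentation. It covers two of the use cases above: shortening timeouts for high-risk logins and extending them for a trusted organization. The policy values, the organization metadata flag `trusted_sessions`, the use of `event.authentication.riskAssessment.confidence` as the risk signal, and the millisecond-timestamp arguments are assumptions.

```javascript
// Added example, not Auth0's own code. Policy values and the organization
// metadata flag "trusted_sessions" are hypothetical.
const MINUTE = 60 * 1000;
const POLICY = {
  highRisk: { absoluteMin: 60, idleMin: 10, cookieMode: "non-persistent" },
  trusted: { absoluteMin: 7 * 24 * 60, idleMin: 24 * 60, cookieMode: "persistent" },
};

// Pure decision function: returns the overrides to apply, or null to keep
// the tenant-level defaults. `now` is milliseconds since the epoch.
function planSession(event, now) {
  // api.session methods require event.session.id to be available.
  if (!event.session || !event.session.id) return null;

  // Assumption: risk assessment is enabled and exposes a confidence level;
  // "low" confidence means the login looks risky.
  const confidence = event.authentication?.riskAssessment?.confidence;
  let tier = null;
  if (confidence === "low") {
    tier = POLICY.highRisk; // risk is checked first, so it overrides trust
  } else if (event.organization?.metadata?.trusted_sessions === "true") {
    tier = POLICY.trusted;
  }
  if (!tier) return null;

  return {
    expiresAt: now + tier.absoluteMin * MINUTE,
    idleExpiresAt: now + tier.idleMin * MINUTE,
    cookieMode: tier.cookieMode,
  };
}

// Action entry point: apply the plan during the login transaction.
// Assumption: both setters take an absolute timestamp in milliseconds.
async function onExecutePostLogin(event, api) {
  const plan = planSession(event, Date.now());
  if (!plan) return;
  api.session.setExpiresAt(plan.expiresAt);
  api.session.setIdleExpiresAt(plan.idleExpiresAt);
  api.session.setCookieMode(plan.cookieMode);
}

if (typeof exports !== "undefined") exports.onExecutePostLogin = onExecutePostLogin;
```

Checking the risk signal before the trust flag means a low-confidence login from a trusted organization still gets the short, non-persistent session.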