Configure Session Lifetime

To configure a session lifetime, you can use the Auth0 Dashboard, Management API, or a Post-Login Action.

Auth0 Dashboard

To configure the session lifetime using Auth0 Dashboard:

  1. Navigate to Dashboard > Tenant Settings and select the Advanced view.

  2. Under Session Expiration, you can configure:

Session Policy                             Description
Idle Session Lifetime (Persistent)         Maximum time (in minutes) of inactivity before a persistent session expires.
Idle Session Lifetime (Non-Persistent)     Maximum time (in minutes) of inactivity before a non-persistent session expires.
Maximum Session Lifetime (Persistent)      Maximum time (in minutes) a persistent session can exist, even if the user is active.
Maximum Session Lifetime (Non-Persistent)  Maximum time (in minutes) a non-persistent session can exist, even if the user is active.

Auth0 Management API

To configure the session lifetime using the Auth0 Management API:

Make a PATCH request to the /api/v2/tenants/settings endpoint:

curl --request PATCH \
  --url 'https://<your-domain>/api/v2/tenants/settings' \
  --header 'Authorization: Bearer MGMT_API_ACCESS_TOKEN' \
  --header 'Content-Type: application/json' \
  --data '{
    "session_lifetime": SESSION_LIFETIME_VALUE,
    "idle_session_lifetime": IDLE_SESSION_LIFETIME_VALUE,
    "ephemeral_session_lifetime": EPHEMERAL_SESSION_LIFETIME_VALUE,
    "idle_ephemeral_session_lifetime": EPHEMERAL_IDLE_SESSION_LIFETIME_VALUE
  }'

Parameter                        Description
session_lifetime                 Maximum duration (in hours) for absolute timeout.
idle_session_lifetime            Maximum duration (in hours) before a session expires due to inactivity.
ephemeral_session_lifetime       Maximum duration (in hours) for absolute timeout.
idle_ephemeral_session_lifetime  Maximum duration (in hours) before a session expires due to inactivity.

Auth0 Post-Login Actions

You can configure session behavior dynamically using api.session methods with a post-login Action. This allows you to override default tenant session settings on a per-login basis, based on user or context-specific logic.

Use cases include:

  • Shortening timeouts for high-risk logins

  • Extending timeouts for trusted users or organizations

  • Adjusting cookie persistence based on application type

The api.session methods available to configure session lifetimes are:

  • api.session.setExpiresAt

  • api.session.setIdleExpiresAt

  • api.session.setCookieMode
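
The following Action is an added example, not part of the original documentation: it implements the "shortening timeouts for high-risk logins" use case with the three methods listed above. The argument formats (epoch-millisecond timestamps, cookie mode strings), the event fields event.authentication.riskAssessment.confidence and event.session.expires_at, the 30-minute and 5-minute limits, and the helper names are assumptions to check against Sessions with Actions.

```javascript
// Added example, not Auth0's own code. Assumptions (verify against
// "Sessions with Actions"): expiry arguments are epoch milliseconds, cookie
// mode is "persistent" or "non-persistent", risk is reported in
// event.authentication.riskAssessment.confidence, and event.session.expires_at
// holds the current absolute expiry as an ISO 8601 string.
const MINUTE = 60 * 1000;

// Hypothetical limits for logins judged high-risk.
const HIGH_RISK = { absolute: 30 * MINUTE, idle: 5 * MINUTE };

function isHighRisk(event) {
  // Low confidence in the login means high risk.
  return event.authentication?.riskAssessment?.confidence === "low";
}

// Pure function: returns the overrides to apply, or null to keep tenant defaults.
function planSession(event, now) {
  if (!event.session || !isHighRisk(event)) return null;
  let absolute = now + HIGH_RISK.absolute;
  // A shortening rule must never lengthen a session that already ends sooner.
  const current = Date.parse(event.session.expires_at);
  if (Number.isFinite(current)) absolute = Math.min(absolute, current);
  // The idle deadline cannot outlive the absolute deadline.
  const idle = Math.min(now + HIGH_RISK.idle, absolute);
  return { absolute, idle, cookieMode: "non-persistent" };
}

function applySessionPolicy(event, api, now = Date.now()) {
  const plan = planSession(event, now);
  if (!plan) return false;
  api.session.setExpiresAt(plan.absolute);
  api.session.setIdleExpiresAt(plan.idle);
  api.session.setCookieMode(plan.cookieMode);
  return true;
}

// Entry point Auth0 invokes after a successful login.
const onExecutePostLogin = async (event, api) => {
  applySessionPolicy(event, api);
};
if (typeof exports !== "undefined") exports.onExecutePostLogin = onExecutePostLogin;
```

Logins that are not flagged as high-risk are left untouched, so the tenant-level settings configured above continue to apply to them.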

To learn more, read Sessions with Actions.