Configure Session Lifetime
To configure a session lifetime, you can use the Auth0 Dashboard, Management API, or a Post-Login Action.
Auth0 Dashboard
To configure the session lifetime using Auth0 Dashboard:
Navigate to Dashboard > Tenant Settings and select the Advanced view.
Under Session Expiration, you can configure:
Session Policy | Description |
---|---|
Idle Session Lifetime (Persistent) | Maximum time (in minutes) of inactivity before a persistent session expires. |
Idle Session Lifetime (Non-Persistent) | Maximum time (in minutes) of inactivity before a non-persistent session expires. |
Maximum Session Lifetime (Persistent) | Maximum time (in minutes) a persistent session can exist, even if the user is active. |
Maximum Session Lifetime (Non-Persistent) | Maximum time (in minutes) a non persistent session can exist, even if the user is active. |

Auth0 Management API
To configure the session lifetime using the Auth0 Management API:
Make a PATCH
request to the /api/v2/tenants/settings endpoint:
curl --request PATCH \
--url 'https://<your-domain>/api/v2/tenants/settings' \
--header 'Authorization: Bearer MGMT_API_ACCESS_TOKEN' \
--header 'Content-Type: application/json' \
--data '{
"session_lifetime": SESSION_LIFETIME_VALUE,
"idle_session_lifetime": IDLE_SESSION_LIFETIME_VALUE,
"ephemeral_session_lifetime": EPHEMERAL_SESSION_LIFETIME_VALUE,
"idle_ephemeral_session_lifetime": EPHEMERAL_IDLE_SESSION_LIFETIME_VALUE
}'
Was this helpful?
Parameter | Description |
---|---|
session_lifetime |
Maximum duration (in hours) for absolute timeout. |
idle_session_lifetime |
Maximum duration (in hours) before a session expires due to inactivity. |
ephemeral_session_lifetime |
Maximum duration (in hours) for absolute timeout. |
idle_ephemeral_session_lifetime |
Maximum duration (in hours) before a session expires due to inactivity. |
Auth0 Post-Login Actions
You can configure session behavior dynamically using api.session
methods with a post-login Action. This allows you to override default tenant session settings on a per-login basis, based on user or context-specific logic.
Use cases include:
Shortening timeouts for high-risk logins
Extending timeouts for trusted users or organizations
Adjusting cookie persistence based on application type
The api.session
methods available to configure session lifetimes are:
api.session.setExpiresAt
api.session.setIdleExpiresAt
api.session.setCookieMode
To learn more, read Sessions with Actions.