Skip to main content
To configure a session lifetime, you can use the Auth0 Dashboard, Management API, or a Post-Login Action.

Auth0 Dashboard

To configure the session lifetime using Auth0 Dashboard:
  1. Navigate to Dashboard > Tenant Settings and select the Advanced view.
  2. Under Session Expiration, you can configure:
Dashboard > Tenant > Settings > Advanced > Session Expiration

Auth0 Management API

To configure the session lifetime using the Auth0 Management API:
Calls to the /api/v2/tenants/settings endpoint require a Management API access token with the update:tenant_settings scope.
Make a PATCH request to the /api/v2/tenants/settings endpoint:
cURL

Auth0 Post-Login Actions

You can configure session behavior dynamically using api.session methods with a post-login Action. This allows you to override default tenant session settings on a per-login basis, based on user or context-specific logic. Use cases include:
  • Shortening timeouts for high-risk logins
  • Extending timeouts for trusted users or organizations
  • Adjusting cookie persistence based on application type
The api.session methods available to configure session lifetimes are:
  • api.session.setExpiresAt
  • api.session.setIdleExpiresAt
  • api.session.setCookieMode
The api.session methods only apply to the current session and must be called during the login transaction. These methods require that the event property event.session.id is available.
To learn more, read Sessions with Actions.