Login and Logout Settings
Summary:
Parameter | Duration |
---|---|
Inactivity Timeout | 6 hours |
Require Login after | 24 hours |
Absolute Lifetime (Rotation Token) | 24 hours |
Inactive Lifetime (Rotation Token) | 1 hour |
Inactive Lifetime (Refresh Token) | 6 hours (21600 seconds) |
Inactive Lifetime (ID Token) | 1800 seconds |
Inactive Lifetime (Access Token) | 7200 seconds |
Login-Logout Configuration:
- Users will be asked to log in again unless they have been active within a 6-hour period.
- Regardless of activity, users must log in again after 24 hours.
Zluri has also enabled the rotation token, which has a different configuration.
Token Configuration:
- The absolute lifetime of the rotation token is set as 24 hours.
- The inactive lifetime of the rotation token is set as 1 hour.
- If the rotation token is invalid, the app will try to authenticate again silently; silent authentication has its inactivity set to 6 hours.
- The inactive lifetime of the refresh token is set as 6 hours.
- The inactive lifetime of the ID token is set as 1800 seconds.
- The inactive lifetime of the access token is set as 7200 seconds.
Inactivity Lifetime:
- The inactivity lifetime provides an additional security measure by allowing tokens to expire if they have been inactive for a specific duration.
- This prevents long-lived unused tokens from posing a security threat.
Absolute Lifetime:
- The absolute lifetime of the rotation token sets an upper limit on the total lifespan of the refresh token.
- This is not dependent on the user activity.
- This ensures that even if the token is unused, it will eventually expire.
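The following Python sketch is an added example, not Zluri's code: it models how the limits above combine to decide whether a request proceeds with the current token, triggers silent authentication, or forces a new login. It assumes the rotation token is issued at login, that every user action uses it, and that a limit is reached once its full duration has elapsed; the function names and sample timestamps are constructed for illustration.

```python
from datetime import datetime, timedelta

# Durations from the summary table on this page.
INACTIVITY_TIMEOUT = timedelta(hours=6)    # session / silent authentication
REQUIRE_LOGIN_AFTER = timedelta(hours=24)  # applies regardless of activity
ROTATION_ABSOLUTE = timedelta(hours=24)    # rotation token, absolute lifetime
ROTATION_INACTIVE = timedelta(hours=1)     # rotation token, inactive lifetime


def session_state(login_at, last_active, now):
    """Return 'token_valid', 'silent_auth' or 'login_required'.

    Assumption: the rotation token is issued at login_at and last used
    at last_active (both are modelling choices, not stated on the page).
    """
    age = now - login_at
    idle = now - last_active
    # Hard limits: no silent path exists once either of these is reached.
    if age >= REQUIRE_LOGIN_AFTER or idle >= INACTIVITY_TIMEOUT:
        return "login_required"
    # Rotation token expired. With the values above, the absolute limit
    # equals REQUIRE_LOGIN_AFTER, so only the 1-hour idle limit fires here.
    if age >= ROTATION_ABSOLUTE or idle >= ROTATION_INACTIVE:
        return "silent_auth"
    return "token_valid"


def replay(login_at, activity_times):
    """Walk activity timestamps in order and return the state seen at each."""
    states, last_active = [], login_at
    for t in activity_times:
        state = session_state(login_at, last_active, t)
        states.append(state)
        if state == "login_required":
            break  # session is over; a fresh login would start a new one
        last_active = t
    return states


if __name__ == "__main__":
    login = datetime(2024, 1, 1, 9, 0)  # constructed sample login time
    offsets = [0.5, 2, 2.5, 9]          # constructed activity, hours after login
    events = [login + timedelta(hours=h) for h in offsets]
    for h, state in zip(offsets, replay(login, events)):
        print(f"+{h:>4}h  {state}")
```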