Login-Logout Settings


Summary:


Parameter

Duration

Inactivity Timeout

6 hours

Require Login after

24 hours

Absolute Lifetime (Rotation Token)

24 hours

Inactive Lifetime (Rotation Token)

1 hour

Inactive Lifetime (Refresh Token)

6 hours (21600 seconds)

Inactive Lifetime (ID Token)

1800 seconds

Inactive Lifetime (Access Token)

7200 seconds



Login-Logout Configuration:


  1. Users will be asked to log in again unless they are active within a 6 hours period.

  2. Regardless of the activity, users must log in after 24 hours duration.


Zluri has also enabled the rotation token, which has a different configuration.


Token Configuration:


  1. The absolute lifetime of the rotation token is set as 24 hours.

  2. The inactive lifetime of the rotation token is set as 1 hour.

  3. If the rotation token is invalid - the app will try to silently authenticate again which has inactivity set to 6 hours.

  4. The inactive lifetime of the refresh token is set as 6 hours.

  5. The inactive lifetime of the ID token is set as 1800 seconds.

  6. The inactive lifetime of the access token is set as 7200 seconds


Inactivity Lifetime:


  1. The inactivity lifetime provides an additional security measure by allowing tokens to expire if they have been inactive for a specific duration.

  2. This prevents long-lived unused tokens from posing a security threat.



Absolute Lifetime:


  1. The absolute lifetime of the rotation token sets an upper limit on the total lifespan of the refresh token. 

  2. This is not dependent on the user activity.

  3. This ensures even if the token is unused; it will eventually expire.

Can’t find what you are looking for? Let us help you!

Login-Logout Settings

Modified on Thu, 22 Jun 2023 at 02:11 PM


Summary:


Parameter

Duration

Inactivity Timeout

6 hours

Require Login after

24 hours

Absolute Lifetime (Rotation Token)

24 hours

Inactive Lifetime (Rotation Token)

1 hour

Inactive Lifetime (Refresh Token)

6 hours (21600 seconds)

Inactive Lifetime (ID Token)

1800 seconds

Inactive Lifetime (Access Token)

7200 seconds



Login-Logout Configuration:


  1. Users will be asked to log in again unless they are active within a 6 hours period.

  2. Regardless of the activity, users must log in after 24 hours duration.


Zluri has also enabled the rotation token, which has a different configuration.


Token Configuration:


  1. The absolute lifetime of the rotation token is set as 24 hours.

  2. The inactive lifetime of the rotation token is set as 1 hour.

  3. If the rotation token is invalid - the app will try to silently authenticate again which has inactivity set to 6 hours.

  4. The inactive lifetime of the refresh token is set as 6 hours.

  5. The inactive lifetime of the ID token is set as 1800 seconds.

  6. The inactive lifetime of the access token is set as 7200 seconds


Inactivity Lifetime:


  1. The inactivity lifetime provides an additional security measure by allowing tokens to expire if they have been inactive for a specific duration.

  2. This prevents long-lived unused tokens from posing a security threat.



Absolute Lifetime:


  1. The absolute lifetime of the rotation token sets an upper limit on the total lifespan of the refresh token. 

  2. This is not dependent on the user activity.

  3. This ensures even if the token is unused; it will eventually expire.

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select atleast one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article