VelizarZ.34810 (Customer) asked a question.
Hi!
I'm using Okta in my Angular app. Access token's lifetime is 5 mins and session's one is 7 mins. I'm expecting the following behavior:
User is logged in
Access token's lifetime is set to 5 mins
Session's lifetime is set to 7 mins
After 5 mins (when the access token expires) I'm getting new tokens (ID and access) with getWithoutPrompt or renewTokens
After 5 more minutes I'm trying to do the same thing ^ and it's successful, although the session should be expired already
I can see, that with every tokens refresh request the session's lifetime gets extended with 7 more mins.
I don't want this thing to happen, I want the session not to get extended whenever I get new access and ID tokens.
Is there a way to achieve that?
Thanks!
"@okta/okta-angular": "^5.1.1",
"@okta/okta-auth-js": "^6.2.0",
"@okta/okta-signin-widget": "^6.1.2",
Hello @VelizarZ.34810 (Customer)
Thanks for posting.
Please take a look at the following threads that might help you:
https://devforum.okta.com/t/how-to-set-the-session-timeout-in-okta/13644
https://developer.okta.com/docs/reference/api/sessions/#session-cookie
https://help.okta.com/en/prod/Content/Topics/Security/healthinsight/session-lifetime.htm#:~:text=Session%20lifetime%20determines%20the%20maximum,session%20lifetime%20is%20two%20hours.
You can also open a support case with our team using the information in the link below: https://help.okta.com/en/prod/Content/Topics/Directory/get-support.htm
Let us know if this helps you.
Daniela Chavarria.
Okta Inc.
Thanks!