Defining Session Duration
Corteza allows you to define how long the access tokens are to be considered valid.
The access token represents the credentials that allow users to access protected resources such as records, users, and workflows. An example of limiting the access token to two minutes:
The refresh token provides a mechanism that generates a new access token when the old one expires, removing the need to re-authenticate the user. An example of limiting the refresh token to two minutes:
The authentication session is generated when the user provides their credentials to the Corteza login page. The authentication session is independent of access tokens. An example of limiting the auth session to two minutes:
Log Out Inactive Users After Two Minutes
If you wish to log out inactive users, you need to set all three of the .env
variables mentioned above.
AUTH_OAUTH2_ACCESS_TOKEN_LIFETIME=2m
AUTH_SESSION_LIFETIME=2m
AUTH_OAUTH2_REFRESH_TOKEN_LIFETIME=2m
The user’s browser determines when the user is considered inactive. Usually this is when they close the tab/window or when their computer enters rest mode.
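An added example, not part of the Corteza documentation: a small check that a .env file sets all three variables listed above and that none of them exceeds a target lifetime. It assumes values are written as digits followed by h, m or s (the page only shows `2m`); the function names and the sample file are constructed for illustration.

```python
import re

# The three variables the page says must all be set to log out inactive users.
REQUIRED = (
    "AUTH_OAUTH2_ACCESS_TOKEN_LIFETIME",
    "AUTH_SESSION_LIFETIME",
    "AUTH_OAUTH2_REFRESH_TOKEN_LIFETIME",
)
UNIT_SECONDS = {"h": 3600, "m": 60, "s": 1}

def parse_duration(text):
    """Convert '2m' or '1h30m' to seconds; None if not in that (assumed) form."""
    if not re.fullmatch(r"(\d+[hms])+", text):
        return None
    return sum(int(n) * UNIT_SECONDS[u] for n, u in re.findall(r"(\d+)([hms])", text))

def parse_env(content):
    """Read KEY=VALUE lines, skipping blanks and # comments; last assignment wins."""
    values = {}
    for line in content.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith("#"):
            values[key.strip()] = value.strip().strip("'\"")
    return values

def check_lifetimes(content, target="2m"):
    """Return findings; an empty list means all three are set and within target."""
    limit, env, findings = parse_duration(target), parse_env(content), []
    for name in REQUIRED:
        seconds = parse_duration(env.get(name, ""))
        if name not in env:
            findings.append(f"{name}: not set")
        elif seconds is None:
            findings.append(f"{name}: unparseable value {env[name]!r}")
        elif seconds > limit:
            findings.append(f"{name}: {env[name]} exceeds {target}")
    return findings

# Constructed sample .env: the session outlives the target, the refresh token is unset.
SAMPLE = """\
AUTH_OAUTH2_ACCESS_TOKEN_LIFETIME=2m
AUTH_SESSION_LIFETIME=24h
"""

if __name__ == "__main__":
    print("\n".join(check_lifetimes(SAMPLE)))
```

Run against a deployment's real .env, any finding points to a variable that would keep a user signed in past the intended window.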