SuperTokens

SuperTokens

  • Docs
  • Discord
  • Blog

›Sessions

SIDEBAR_REPLACE_DOC_About this recipe

  • About this recipe

Quick setup

  • Frontend
  • Backend
  • Core

    • Self Hosted setup with Docker
    • Self Hosted setup without Docker
    • Managed Service

    Database Setup

    • MySQL
    • PostgreSQL
    • MongoDB
    • Rename database tables

Common customizations

  • Redirect To Auth Screen
  • Sign Out
  • SignUp Form

    • Prerequisite
    • Adding Extra Fields
    • Adding / Modifying field validators
    • Built in providers
    • Custom providers
    • Embed in a page
    • Terms of service & Privacy policy links
    • Show Sign Up by default

    SignIn Form

    • Prerequisite
    • Adding / Modifying field validators
    • Built in providers
    • Custom providers
    • Password managers
    • Embed in a page
  • Post sign up callbacks
  • Post sign in callbacks
  • User Roles

    • Assigning roles to users
    • Assigning roles to a session
    • Reading roles in an API
    • Reading roles in the frontend
    • Updating roles in a session

    Reset Password

    • About
    • Reset Password Email
    • Embed in a page

    Email Verification

    • About
    • Customising the email sent
    • Embed in a page

    Sessions

    • About
    • Storing session data
    • Session Verification in API
    • Revoking a session manually
    • Change session timeout
    • Checking if a session exists on the frontend
    • Get user information on the frontend
    • Fetching sessions for a user
    • Update JWT Payload
    • Update Session Data
    • Cookies and Https
    • Cookie Consent
    • Share sessions across sub domains
    • Anti CSRF
    • Same site cookies
    • JWT Signing key rotation
    • Access token blacklisting
    • Customizing Error Handling

    Styling

    • Changing Colours
    • Changing Style via CSS
    • Themes

    Changing base path

    • Website Base Path
    • API Base Path
  • User Pagination
  • Core

    • Adding API Keys
    • Tuning Performance
    • Logging

    Core CLI

    • Overview
    • Start
    • List
    • Stop
    • Uninstall

NextJS

  • About
  • 1. Configuration
  • 2. Showing Login UI
  • 3. Adding auth APIs
  • 4. Protecting a website route
  • 5. Session verification

    • 5a. Session verification in an API call
    • 5b. Session verification in getServerSideProps
  • 6. Next steps

SIDEBAR_REPLACE_DOC_Serverless Optimisation

  • Running on serverless env

SIDEBAR_REPLACE_DOC_SDKs API Reference

  • SDKs API Reference

Change session timeout

By default, the session timeout is for 100 days. This means that a user will get logged out only after 100 days of inactivity.

This value can be changed by:

  • Changing the refresh_token_validity value (time in mins): Determines the overall session timeout.
    • The default is 100 days.
  • Changing the access_token_validity value (time in seconds): Does not affect the overall session timeout, but affects how often session refreshing occurs.
    • The default is 1 hour.
    • This time does not determine the user experience, but only the security of the overall session system.
With Docker
Without Docker
With SaaS
 docker run \
-p 3567:3567 \
-e REFRESH_TOKEN_VALIDITY=<Default: 144000> \
-e ACCESS_TOKEN_VALIDITY=<Default: 3600> \

-d supertokens/supertokens-<db name>
# You need to add the following to the config.yaml file.
# The file path can be found by running the "supertokens --help" command

refresh_token_validity: # Default 144000

access_token_validity: # Default 3600
# Navigate to your SaaS dashboard, and click on the Edit Configuration button.
# Under there, change the values of the following fields, and click on save.

refresh_token_validity: # Default 144000

access_token_validity: # Default 3600
← Revoking a session manuallyChecking if a session exists on the frontend →