Skip to main content

Session expiration

Once a session has expired, it can’t be reactivated or extended. The user must re-authenticate to create a new session. The session_duration_minutes parameter sets the lifetime of a session from the time it is created:
  • Minimum: 5 minutes
  • Maximum: 527,040 minutes (366 days)
  • Default (if blank):
    • When there is no existing session: No session created
    • When extending an existing session: No change to session expiry

Extend a session

By default, the frontend SDK keeps the session_jwt updated, but it does not automatically extend the lifetime of the underlying session. For example, if session_duration_minutes is set to 60 minutes, the session will expire 60 minutes after it was created regardless of user activity.
1

Extend a session's duration

Pass a session_duration_minutes value to the session.authenticate() method or endpoint. The session will be set to expire that many minutes from the time of the call.

Examples

Techniques could be to set an interval to extend the session’s lifetime periodically so the session is automatically extended as long as the user keeps the application open, or setting the expiration based on last user activity.
const extendSession = () => {
  if (stytch.session.getSync()) {
    // Set the session's expiration to 60 minutes from the present
    stytch.session.authenticate({
      session_duration_minutes: 60,
    });
  }
};

// Extend the session's lifetime every 10 minutes
let interval = setInterval(extendSession, 600000);
window.addEventListener('beforeunload', () => {
  clearInterval(interval);
});