https://www.ory.sh/ logo
Join Slack
Powered by
Hi, I’m struggling with what seems to be random le...
# ory-network
f
Hi, I’m struggling with what seems to be random length of the user session durations in my application. The session duration length is set to 
720h0m0s
in the settings, but I’m always signed out after a couple of days (maximum). I’m using the 
@ory/client
with React, and I’m starting to wonder if there are any “gotchas” here?
So I just read this in your documentation:
Copy code
If max-age is set as a part of the Set-Cookie header, the browser deletes the cookie when it reaches the age defined in max-age.
When max-age is not set, the browser deletes the cookie when the session ends. The session ends when the set session lifespan expires, or when the browser is shut down by the user.
and tried to shut down my browser, which resulted in me being logged out. Now I just have to figure out why this happens😅 My config looks like this:
Copy code
"session": {
                    "cookie": {
                        "persistent": false,
                        "same_site": "Lax"
                    },
                    "lifespan": "720h0m0s",
                    "whoami": {
                        "required_aal": "highest_available"
                    }
                }
Updating 
persistent
to 
true
seemed to do the trick.
m
## Make Session Cookie Persistent ##
If set to true will persist the cookie in the end-user’s browser using the 
max-age
parameter which is set to the 
session.lifespan
value. Persistent cookies are not deleted when the browser is closed (e.g. on reboot or alt+f4). This option affects the Ory OAuth2 and OpenID Provider’s remember feature as well.
we should make this more clear in the docs 🤔 which document did you look at when implementing this @few-balloon-32118
f
@magnificent-energy-493 I looked at these docs: https://www.ory.sh/docs/kratos/session-management/session-lifespan
2 Views
Open in Slack
PreviousNext
Powered by