In Ory Kratos, the session cookie

max-age

is by default the same as the set session lifespan. This means that when you extend a session, the

expires

property of the session is set to a value that is the time when the refresh is triggered plus the amount of time defined by the value of

/session/lifespan

. This should automatically update the

expire_at

date for the client cookie. However, if you want to define a different cookie

max-age

, you can disable this behavior by setting the

session/cookie/persistent

value to

false

. Here's how you can do it: 1. Download the Ory Identities config from your project and save it to a file:

bash ## List all available projects   ory list projects      ## Get config   ory get identity-config {project-id} --format yaml > identity-config.yaml

2. Update the configuration value for session lifespan property to the desired value (Use hour (h), minute (m), second (s) to define interval, for example: 1h1m10s, 10s, 1h)

yaml session:   cookie:    domain: {project.slug}.<http://projects.oryapis.com|projects.oryapis.com>    name: ory_session_{name}    path: /    persistent: false    same_site: Lax   lifespan: 720h0m0s

3. Update the Ory Identities configuration using the file you worked with:

bash ory update identity-config {project-id} --file identity-config.yaml

Remember, if

max-age

is set as a part of the

Set-Cookie

header, the browser deletes the cookie when it reaches the age defined in

max-age

. When

max-age

is not set, the browser deletes the cookie when the session ends. The session ends when the set session lifespan expires, or when the browser is shut down by the user. For more details, you can refer to the [Ory Kratos documentation](https://www.ory.sh/docs/kratos/session-management/session-lifespan).