To extend a Kratos session without calling the

/admin/sessions/{id}/extend

endpoint, you have two main alternatives: 1. User-Initiated Session Refresh via Login Flow You can prompt the user to re-authenticate by redirecting them to the login flow with the

refresh=true

parameter. This will refresh the session and update its

authenticated_at

timestamp. For browser clients, redirect to:

/self-service/login/browser?refresh=true

For API clients, use:

/self-service/login/api?refresh=true

This approach is commonly used when a user needs to refresh their session after certain actions, such as updating their password. The session will be refreshed upon successful re-authentication, and the user will not be logged out unless another user signs in during the process. This method does not require admin privileges and works through the self-service endpoints, making it suitable for user-driven session extension scenarios [Refreshing a session](https://www.ory.sh/docs/kratos/self-service/flows/user-login#refreshing-a-session). 2. Session Cookie Renewal on Activity Ory Kratos automatically manages session cookies. If your application is set up to refresh the session cookie on user activity (for example, by making authenticated requests that validate the session), the session cookie's expiration may be updated as long as the session is still active and valid. However, this does not extend the session's actual lifespan in the backend—only the cookie's expiration in the browser. For true session extension, you must use either the admin endpoint or the user-initiated refresh flow described above [Session management overview](https://www.ory.sh/docs/identities/get-started/session-management). Note: There is no documented way to programmatically extend a session's backend expiration without either using the

/admin/sessions/{id}/extend

endpoint (admin action) or prompting the user to refresh their session via the login flow (user action). If you need to extend sessions automatically without user interaction, the admin endpoint is required. If you have a specific use case that cannot use either of these methods, the knowledge sources do not provide an alternative approach.