Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

<@U04UQ68083H> what is the default session lifespan for a user?

I’m assuming you’re asking about the default lifespan of an Ory Identities (Kratos) user session. The knowledge sources provided explain how to configure session lifespan but do not state a default value for Kratos sessions. I’m sorry, but there’s no information about a default Kratos session lifespan in the supplied sources. You can set it yourself in Ory Console or via configuration under session.lifespan. [[Session lifespan](<https://www.ory.sh/docs/kratos/session-management/session-lifespan>); [Configure session settings](<https://www.ory.sh/docs/identities/get-started/session-management#configure-session-settings-in-ory-console>)]  If you meant OAuth2/OIDC (Hydra) “authentication session” related to login/consent, the default is 30 days (with a max of 180 days). [[Hydra expirations](<https://www.ory.sh/docs/hydra/guides/client-token-expiration>)]