Can I configure the inactivity timeout of the FusionAuth Session cookie?

dan · 22 Apr 2020, 21:42

I have a quick question about FusionAuth and configuring the inactivity timeout of the session cookie it creates. Specifically... Is it possible?

dan · 22 Apr 2020, 21:44

Yes, you can set this in the Tenant OAuth config:

https://fusionauth.io/docs/v1/tech/core-concepts/tenants#oauth

Specifically the "Session Timeout" which is "The length of time an SSO session can be inactive before it is closed."

chakshu · 25 Dec 2020, 05:58

Can we control the auto-logout time for the admin as well?

dan · 5 Jan 2021, 11:11

@chakshu I'm not sure I understand.

What do you mean? Do you want to change how long a user can be signed into the FusionAuth admin interface?

chakshu · 5 Jan 2021, 11:11

@dan Yes exactly that.

dan · 7 Jan 2021, 03:55

@chakshu

The FusionAuth application is just another application in the default tenant, so if you modify the "Tenant" -> "OAuth" -> "Session Timeout" setting for the default tenant, that should affect the FusionAuth admin users' sessions.

Please let me know if it doesn't.

chakshu · 8 Jan 2021, 12:49

@dan said in Can I configure the inactivity timeout of the FusionAuth Session cookie?:

Session Timeout

I tried doing that for the admin user with a one-minute timeout. It wasn't logging me out for inactivity. I haven't created an application and I was using other tabs for quite some time.

dan · 12 Jan 2021, 16:20

@chakshu

Sorry, I pointed you to the incorrect setting.

You can go to Applications > FusionAuth > Edit > JWT > Refresh Token duration

Changing that to 1 (the value is in minutes) caused me to be signed out of the admin application after 60 seconds.

Hope that helps.