Interface SessionConfig

Configuration parameters used for the application session.




absoluteDuration: number | boolean

Integer value, in seconds, for the application's absolute session duration: the amount of time after login after which the user is logged out, regardless of activity. Set this to false if you don't want an absolute duration on your session. Defaults to 604800 seconds (7 days). You can also use the AUTH0_SESSION_ABSOLUTE_DURATION environment variable.

autoSave?: boolean

Boolean value to enable automatic session saving when using rolling sessions. If this is false, you must call touchSession(req, res) to update the session. Defaults to true. You can also use the AUTH0_SESSION_AUTO_SAVE environment variable.

cookie: CookieConfig

genId?: (<Req, SessionType>(req, session) => string | Promise<string>)

Type declaration

    • <Req, SessionType>(req, session): string | Promise<string>
    • A function for generating a session ID when using a custom session store.

      IMPORTANT: If you override this, you must use a suitable value from your platform to prevent collisions. For example, for Node: require('crypto').randomBytes(16).toString('hex').

      Type Parameters

      • Req = any

      • SessionType extends {
            [key: string]: any;
        } = {
            [key: string]: any;
        }

      Parameters

      • req: Req
      • session: SessionType

      Returns string | Promise<string>

name: string

String value for the cookie name used for the internal session. This value must only include letters, numbers, and underscores. Defaults to appSession. You can also use the AUTH0_SESSION_NAME environment variable.

rolling: boolean

If you want your session duration to be rolling, resetting every time the user is active on your site, set this to true. If you want the session duration to be absolute, where the user gets logged out a fixed time after login regardless of activity, set this to false. Defaults to true. You can also use the AUTH0_SESSION_ROLLING environment variable.

rollingDuration: number | false

Integer value, in seconds, for the application session's rolling duration: the amount of time the user must be idle before they are logged out. Should be false when rolling is false. Defaults to 86400 seconds (1 day). You can also use the AUTH0_SESSION_ROLLING_DURATION environment variable.

store?: SessionStore<default>

By default, the session is stateless and stored in an encrypted cookie. But if you want a stateful session you can provide a store with get, set and destroy methods to store the session on the server.
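The following is an added example, not code from the SDK or its documentation, showing how genId, store and the three duration options fit together in a stateful setup. MemoryStore, sessionExpiry and the payload shape { header: { iat, uat }, data } are assumptions made for illustration, and the store's own expiry check is this example's choice.

```javascript
// Added example, not SDK code. MemoryStore, sessionExpiry and the payload
// shape { header: { iat, uat }, data } are assumptions for illustration.
const { randomBytes } = require('node:crypto');

// 128 bits from the platform CSPRNG, as the genId note recommends for Node.
const genId = (req, session) => randomBytes(16).toString('hex');

// Expiry in epoch seconds implied by rolling, rollingDuration and
// absoluteDuration. iat = login time, uat = time of last activity.
function sessionExpiry({ rolling, rollingDuration, absoluteDuration }, iat, uat) {
  const hasAbsolute = typeof absoluteDuration === 'number';
  const hasIdle = rolling && typeof rollingDuration === 'number';
  // This example's own guard: refuse a configuration that never expires.
  if (!hasAbsolute && !hasIdle) throw new Error('session would never expire');
  const absoluteExp = hasAbsolute ? iat + absoluteDuration : Infinity;
  const idleExp = hasIdle ? uat + rollingDuration : Infinity;
  return Math.min(absoluteExp, idleExp);
}

// In-memory store exposing the get, set and destroy methods of `store`.
class MemoryStore {
  constructor(config, now = () => Math.floor(Date.now() / 1000)) {
    this.config = config;
    this.now = now; // injectable clock so expiry can be tested
    this.sessions = new Map();
  }
  async get(sid) {
    const payload = this.sessions.get(sid);
    if (!payload) return undefined;
    const { iat, uat } = payload.header;
    // Enforce expiry on the server too, not only through the cookie lifetime.
    if (this.now() >= sessionExpiry(this.config, iat, uat)) {
      this.sessions.delete(sid);
      return undefined;
    }
    return payload;
  }
  async set(sid, payload) { this.sessions.set(sid, payload); }
  async destroy(sid) { this.sessions.delete(sid); }
}

// Defaults stated on this page: 1 day idle timeout, 7 day absolute cap.
const defaults = { rolling: true, rollingDuration: 86400, absoluteDuration: 604800 };
const store = new MemoryStore(defaults);
```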

storeIDToken: boolean

Boolean value to store the ID token in the session. Storing it can make the session cookie too large. Defaults to true.