Can I configure the inactivity timeout of the FusionAuth Session cookie?
-
I have a quick question about FusionAuth and configuring the inactivity timeout of the session cookie it creates. Specifically... Is it possible?
-
Yes, you can set this in the Tenant OAuth config:
https://fusionauth.io/docs/v1/tech/core-concepts/tenants#oauth
Specifically the "Session Timeout" which is "The length of time an SSO session can be inactive before it is closed."
-
Can we control the auto-logout time for the admin as well?
-
@chakshu I'm not sure I understand.
What do you mean? Do you want to change how long a user can be signed into the FusionAuth admin interface?
-
@dan Yes exactly that.
-
The FusionAuth application is just another application in the default tenant, so if you modify the "Tenant" -> "OAuth" -> "Session Timeout" setting for the default tenant, that should affect the FusionAuth admin users' sessions.
Please let me know if it doesn't.
-
@dan said in Can I configure the inactivity timeout of the FusionAuth Session cookie?:
Session Timeout
I tried doing that for the admin user with a one-minute timeout. It wasn't logging me out for inactivity. I haven't created an application and I was using other tabs for quite some time.
-
Sorry, I pointed you to the incorrect setting.
You can go to Applications > FusionAuth > Edit > JWT > Refresh Token duration
Changing that to 1 (the value is in minutes) caused me to be signed out of the admin application after 60 seconds.
Hope that helps.