Logging user out after 30 mins of inactivity
Hi chat, I'm working on a project that interacts with banking data. To protect that data one of the steps we are taking is to log users out after 30 minutes of inactivity.
To achieve this we have a two-step process. Firstly, in NextJS, detecting inactivity (no mouse movements, clicks, etc.) and logging the user out. Secondly, by setting the lifetime of the tokens to be no longer than 30 minutes.
My question is what should my Kinde token expiries look like to achieve this?
5 Replies
This is our current setup. With this will the Kinde SDK automatically refresh both the access_token and refresh token as long as the website is open?
Hi, I would reduce the id, access and session expiry lower; this will ensure that the token is refreshed more frequently. With this setup it's very possible refresh will fail, as it currently checks if it needs to refresh by looking if the access token expiry has passed, and by this point the refresh would have also passed. We are working to improve this.
Ahh ok ok
@Daniel_Kinde does the Kinde SDK detect idle and logout users after the amount of time set in the SSO session inactivity timeout variable?
It's not automatic. What behaviour are you after? I am looking into changes to this area.
I want to have the access token and refresh token set to a very short lifetime and keep refreshing while the user is using the website, but when they are idle for the SSO session inactivity timeout amount of time, they should be logged out.
I'm not exactly sure that's what the variable is even supposed to do, but that's what I'm implementing rn.
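The behaviour discussed in this thread (short-lived tokens refreshed while the user is active, logout after 30 minutes idle, and refreshing before the access token expires rather than after) can be sketched as follows. This is an added example, not part of the thread and not Kinde SDK code; `nextAction`, `startIdleWatch`, `REFRESH_MARGIN_MS` and the `getTokens`/`refresh`/`logout` callbacks are hypothetical names the caller wires to their own auth layer.

```javascript
const IDLE_LIMIT_MS = 30 * 60 * 1000; // 30 minutes of inactivity, as in the thread
const REFRESH_MARGIN_MS = 60 * 1000;  // assumption: refresh 60 s before access expiry

// Pure decision function; all times are milliseconds since the epoch.
function nextAction({ now, lastActivity, accessExpiresAt, refreshExpiresAt }) {
  if (now - lastActivity >= IDLE_LIMIT_MS) return "logout"; // idle for too long
  if (now >= refreshExpiresAt) return "logout";             // refresh is no longer possible
  // Refresh ahead of expiry: waiting until the access token has expired can
  // mean the refresh token has expired too (the failure mode raised above).
  if (now >= accessExpiresAt - REFRESH_MARGIN_MS) return "refresh";
  return "none";
}

// Browser wiring. `target` is normally `window`; the callbacks are supplied by
// the caller (hypothetical, not a real SDK interface).
function startIdleWatch({ getTokens, refresh, logout, target,
                          intervalMs = 15000, clock = Date.now }) {
  let lastActivity = clock();
  const mark = () => { lastActivity = clock(); };
  const events = ["mousemove", "mousedown", "keydown", "scroll", "touchstart"];
  events.forEach((e) => target.addEventListener(e, mark, { passive: true }));

  const timer = setInterval(async () => {
    const { accessExpiresAt, refreshExpiresAt } = getTokens();
    const action = nextAction({ now: clock(), lastActivity,
                                accessExpiresAt, refreshExpiresAt });
    if (action === "refresh") await refresh();
    if (action !== "logout") return;
    stop();          // stop polling and listening before ending the session
    await logout();
  }, intervalMs);

  function stop() {
    clearInterval(timer);
    events.forEach((e) => target.removeEventListener(e, mark));
  }
  return stop;
}
```

The client-side timer only decides when the browser ends the session; the token lifetimes configured on the server remain the actual enforcement for a closed or tampered client.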