You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: IdentityServer/v7/docs/content/ui/server_side_sessions/session_expiration.md
+12-3
Original file line number
Diff line number
Diff line change
@@ -3,16 +3,16 @@ title: "Session Expiration"
3
3
weight: 20
4
4
---
5
5
6
-
If a user abandons their session without triggering logout, the server-side session data will remain in the store by default.
7
-
In order to clean up these expired records, there is an automatic cleanup mechanism that periodically scans for expired sessions.
6
+
If the user session ends when the session cookie expires without explicitly triggering logout, there is most likely the need to clean up the server-side session data.
7
+
In order to remove these expired records, there is an automatic cleanup mechanism that periodically scans for expired sessions.
8
8
When these records are cleaned up, you can optionally notify the client that the session has ended via back-channel logout.
9
9
10
10
## Expiration Configuration
11
11
12
12
The expiration configuration features can be configured with the [server-side session options]({{<ref "/reference/options#server-side-sessions">}}).
13
13
It is enabled by default, but if you wish to disable it or change how often IdentityServer will check for expired sessions, you can.
When the session cleanup job removes expired records, it will by default also trigger [back-channel logout notifications]({{<ref "/ui/logout/notification#back-channel-server-side-clients">}}) to client applications participating in the session. You can use this mechanism to create an [inactivity timeout]({{<ref "inactivity_timeout">}}) that applies across all your client applications.
0 commit comments