You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I noticed that when a user session ends all OAuth access tokens of that user are revoked (the refresh tokens remain valid). I have the feeling that hasn't always been the case though. I think it's since version 2025.10 that I noticed being logged out more frequently.
In the documentation I haven't found much related to sessions and OAuth access tokens and how they interact. In my current configuration the session length is set to 0 (sessions end when the browser is closed or after 24h apparently) and the OAuth access token validity is set to 30 days. That apparently doesn't make a lot of sense given that the token is deleted together with the session. Are only validity periods shorter than the sessions length meaningful for the OAuth access tokens? Or can the interaction between session length and token validity be configured somewhere?
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
-
Hi all,
I noticed that when a user session ends all OAuth access tokens of that user are revoked (the refresh tokens remain valid). I have the feeling that hasn't always been the case though. I think it's since version 2025.10 that I noticed being logged out more frequently.
In the documentation I haven't found much related to sessions and OAuth access tokens and how they interact. In my current configuration the session length is set to 0 (sessions end when the browser is closed or after 24h apparently) and the OAuth access token validity is set to 30 days. That apparently doesn't make a lot of sense given that the token is deleted together with the session. Are only validity periods shorter than the sessions length meaningful for the OAuth access tokens? Or can the interaction between session length and token validity be configured somewhere?
Cheers,
Moritz
Beta Was this translation helpful? Give feedback.
All reactions