> ## Documentation Index
> Fetch the complete documentation index at: https://docs-dev-docs-event-stream-action-templates.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

> Learn about the Session Lifecycle.

# Session Lifecycle

An Auth0 session lifecycle begins when a user logs in, remains active with user interaction, and ends when the session expires or is explicitly terminated.

Auth0 considers a session active when a user interacts with the Authorization server.

For example:

* Calls to the [/authorize](/docs/api/authentication/authorization-code-flow/authorize-application) endpoint
* Issue [silent authentication](/docs/authenticate/login/configure-silent-authentication)
* Log in to a new application using [single sign on](/docs/authenticate/single-sign-on)

A session can be persistent or non-persistent; this allows you to configure how a session cookie behaves in a browser.

* **Persistent sessions** store cookies with a future expiration timestamp.
* **Non-persistent sessions** store cookies with `Expires=0`. It tells the browser to delete the cookie when the browser is closed.

<Callout icon="file-lines" color="#0EA5E9" iconType="regular">
  Session cookie persistence behavior depends on the browser implementation. Auth0 cannot guarantee that all browsers will delete non-persistent cookies as expected.
  To learn more read [Cookies](https://auth0.com/docs/manage-users/cookies).
</Callout>

## Session lifetime

Persistent and non-persistent sessions can be configured with their own Idle and Absolute (Maximum) lifetimes to define a session expiration.

### Idle timeout

Idle timeout defines the maximum duration of inactivity allowed. Each time a user interacts with Auth0 via Single Sign-On (SSO), silent authentication or /authorize, the idle timer resets. If no interaction with Auth0 happens during the configured period, the session expires.

### Absolute timeout (Maximum)

Absolute timeout defines the maximum duration a session can remain valid regardless of user activity. Once absolute timeout is reached, the session expires and the user will need to reauthenticate.

Learn how to [Configure Session Lifetime](/docs/manage-users/sessions/configure-session-lifetime).

## Session lifetime limits

Session lifetime has the following limits:

| Session type   | Timeout type        | Description                                                                                     | Maximum (Self-Service plans) | Maximum (Enterprise Plans) |
| -------------- | ------------------- | ----------------------------------------------------------------------------------------------- | ---------------------------- | -------------------------- |
| Non-persistent | Inactivity timeout  | Timeframe after which a session expires if there’s no interaction with the Authorization Server | 3 days                       | 100 days                   |
|                | Require Login after | Maximum session lifetime, regardless of activity                                                | 30 days                      | 365 days                   |
| Persistent     | Inactivity timeout  | Timeframe after which a session expires if there’s no interaction with the Authorization Server | 3 days                       | 100 days                   |
|                | Require Login after | Maximum session lifetime, regardless of activity                                                | 30 days                      | 365 days                   |

## Next steps

* To learn more about using Actions to configure the session lifecycle, read [Sessions with Actions](/docs/manage-users/sessions/manage-sessions-actions).

* To learn more about Auth0 Management API Session Management Endpoints, read [Sessions with Management API](/docs/manage-users/sessions/manage-user-sessions-with-auth0-management-api).