feat(app): sessions to expire after 30mins, ref #170 (#172)

aws-amplify · Jul 26, 2022 · 00d6bc9 · 00d6bc9
1 parent 0898a93
commit 00d6bc9
Showing 1 changed file with 17 additions and 0 deletions.
diff --git a/src/lib/next-auth.ts b/src/lib/next-auth.ts
@@ -37,6 +37,23 @@ export const options: NextAuthOptions = {
   pages: {
     error: '/auth/error', // Error code passed in query string as ?error=
   },
+  session: {
+    // Choose how you want to save the user session.
+    // The default is `"jwt"`, an encrypted JWT (JWE) stored in the session cookie.
+    // If you use an `adapter` however, we default it to `"database"` instead.
+    // You can still force a JWT session by explicitly defining `"jwt"`.
+    // When using `"database"`, the session cookie will only contain a `sessionToken` value,
+    // which is used to look up the session in the database.
+    strategy: 'database',
+
+    // Seconds - How long until an idle session expires and is no longer valid.
+    maxAge: 30 * 60, // 30 minutes
+
+    // Seconds - Throttle how frequently to write to database to extend a session.
+    // Use it to limit write operations. Set to 0 to always update the database.
+    // Note: This option is ignored if using JSON Web Tokens
+    updateAge: 15 * 60, // 15 minutes
+  },
   callbacks: {
     signIn: async ({ user, account, profile }) => {
       return true