Session options
Clerk provides session management options for fine-tuning user visits to your application, including options for session lifetime, multi-session handling, and session token customization.
Session lifetime
Depending on the business domain of an application, there might be different requirements for how long users should remain signed in. Criteria to base this decision upon typically revolve around user activity on the application and how long it has been since the user first signed in.
Ultimately, picking the ideal session lifetime is a trade-off between security and user experience. Longer sessions are generally better for UX but worse for security; and vice-versa.
Fortunately, with Clerk you have to ability to fully control the lifetime of your users' sessions. There are two settings for doing so and you can set them via your instance settings in the Clerk Dashboard(opens in a new tab): Inactivity timeout and Maximum lifetime.
Note that either one or both must be enabled at all times. For security reasons, you are not allowed to disable both settings.
Inactivity timeout
The duration after which a session will expire and the user will have to sign in again, if they haven't been active on your site.
A user is considered inactive when the application is closed, or when the app stops refreshing the token.
By default, this setting is disabled for all newly created instances. To enable it and set your desired value:
- Navigate to the Clerk Dashboard(opens in a new tab) and select your application.
- In the navigation sidebar, select Sessions.
- Toggle on Inactivity timeout.
- Set your desired duration.
Maximum lifetime
The duration after which a session will expire and the user will have to sign in again, regardless of their activity on your site.
By default, this setting is enabled with a default value of 7 days for all newly created instances. To find this setting and change the value:
- Navigate to the the Clerk Dashboard(opens in a new tab) and select your application.
- In the navigation sidebar, select Sessions.
- Toggle on Maximum lifetime.
- Set your desired duration.
Multi-session applications
A multi-session application is an application that allows multiple accounts to be signed in from the same browser at the same time. The user can switch from one account to another seamlessly. Each account is independent from the rest and has access to different resources.
To enable multi-session in your application, you need to configure it in the Clerk Dashboard.
- Navigate to the Clerk Dashboard(opens in a new tab) and select your application.
- In the navigation sidebar, select Sessions.
- Toggle on Multi-session handling.
- Select Save changes.
There are two main ways to add the multi-session feature to your application:
- Use the
<UserButton />
component if you want to use Clerk's pre-built UI. - Build a custom flow if you want to rebuild the existing Clerk flow using the Clerk API.
Customize session token
Session tokens are JWTs that contain a set of default claims required by Clerk. You can customize these tokens by providing additional claims of your own.
To learn how to customize session tokens, check out our Customize your session token guide.
Last updated on March 8, 2024