Session options
Clerk provides session management options for fine-tuning user visits to your application, including options for session lifetime, multi-session handling, and session token customization.
Session lifetime
Depending on the business domain of an application, there might be different requirements for how long users should remain signed in. Criteria to base this decision upon typically revolve around user activity on the application and how long it has been since the user first signed in.
Ultimately, picking the ideal session lifetime is a trade-off between security and user experience. Longer sessions are generally better for UX but worse for security; and vice-versa.
Fortunately, with Clerk, you have the ability to fully control the lifetime of your users' sessions. There are two settings for doing so and you can set them via your instance settings in the Clerk Dashboard: Inactivity timeout and Maximum lifetime.
Inactivity timeout
Inactivity timeout is the duration after which a session will expire and the user will have to sign in again, if they haven't been active on your site.
A user is considered inactive when the application is closed, or when the app stops refreshing the token.
By default, the inactivity timeout is set to 7 days. You can set a custom inactivity timeout by following these steps:
- In the Clerk Dashboard, navigate to the Sessions page.
- Toggle on Inactivity timeout.
- Set your desired duration.
Maximum lifetime
The duration after which a session will expire and the user will have to sign in again, regardless of their activity on your site.
By default, this setting is enabled with a default value of 7 days for all newly created instances. To find this setting and change the value:
- In the Clerk Dashboard, navigate to the Sessions page.
- Toggle on Maximum lifetime.
- Set your desired duration.
Browser limitations on cookies
Regardless of how session lifetimes are configured, there are certain browser limitations & behaviors which may clear Clerk's session cookie. This will cause users to be signed out, even if your session lifetimes are set to a longer duration. As a result, it is impossible to achieve a setup where your users are never signed out.
User behaviors
In the event that a user manually clears their cookies, Clerk's session cookie will be lost. Similarly, if a user signs in via an incognito window and they then close all incognito windows, Clerk's session cookie will be lost. Both of these scenarios will cause the user to have to sign in again.
Google Chrome
Cookies set in Google Chrome have a Max-Age upper limit of 400 days. Users who are using Google Chrome will be signed out within 400 days, even if session lifetime is set to a longer duration. There is no workaround for this.
This is per the HTTP Working Group Specification which is likely to get implemented by other browsers in the near future.
Multi-session applications
A multi-session application is an application that allows multiple accounts to be signed in from the same browser at the same time. The user can switch from one account to another seamlessly. Each account is independent from the rest and has access to different resources.
To enable multi-session in your application, you need to configure it in the Clerk Dashboard.
- In the Clerk Dashboard, navigate to the Sessions page.
- Toggle on Multi-session handling.
- Select Save.
Add multi-session support to your app
There are two main ways to add the multi-session feature to your application:
- Use the
<UserButton />component if you want to use a prebuilt UI. - Build a custom flow if you want to rebuild the existing Clerk flow using the Clerk API.
It's highly recommended to wrap your application with the following <MultisessionAppSupport /> component. The fragment's key is set to the session ID. Every time the session ID changes, the key changes, forcing React to recreate the entire component tree under the fragment and guaranteeing a full rerendering cycle.
function MultisessionAppSupport({ children }: { children: React.ReactNode }) {
const { session } = useSession()
return <React.Fragment key={session ? session.id : 'no-users'}>{children}</React.Fragment>
}The following example demonstrates adding multi-session support to a Next.js App Router application. It requires creating the <MultisessionAppSupport /> as a client component, and then using it in the app/layout.tsx file to wrap the entire application. This ensures the layout.tsx remains a server component.
import React from 'react'
import { ClerkProvider } from '@clerk/nextjs'
import { MultisessionAppSupport } from './components/MultisessionAppSupport'
export default function RootLayout({ children }: { children: React.ReactNode }) {
return (
<html lang="en">
<ClerkProvider afterMultiSessionSingleSignOutUrl="/">
<MultisessionAppSupport>
<body>{children}</body>
</MultisessionAppSupport>
</ClerkProvider>
</html>
)
}'use client'
import React from 'react'
import { useSession } from '@clerk/nextjs'
export default function MultisessionAppSupport({ children }: { children: React.ReactNode }) {
const { session } = useSession()
return <React.Fragment key={session ? session.id : 'no-users'}>{children}</React.Fragment>
}Sign out behavior
By default, signing out from a currently active account in a multi-session app will navigate to the sign-in page's /choose route.
If a sign-in URL is not set, signing out will navigate to Clerk's Account Portal /sign-in/choose page, allowing the user to choose which account to switch into.
If a sign-in URL is set, either through the signInUrl prop on <ClerkProvider> or the CLERK_SIGN_IN_URL environment variable, signing out will navigate to that URL's /choose route. For example, if signInUrl or CLERK_SIGN_IN_URL is set to https://example.com/sign-in, signing out of a multi-session app will navigate to https://example.com/sign-in/choose.
To redirect to a custom route, pass the afterMultiSessionSingleSignOutUrl property to <ClerkProvider>.
Customize session token
Session tokens are JWTs that contain a set of default claims required by Clerk. You can customize these tokens by providing additional claims of your own.
To learn how to customize session tokens, see the dedicated guide.
Feedback
Last updated on