u
Hey guys, I'm using your node-express sdk and trying to change the session timeout. The doc (https://supertokens.com/docs/emailpassword/common-customizations/sessions/change-session-timeout) mentions a config.yaml file but I was wondering if this could be achieved with an override in Session.init()? If I were to override getRefreshTokenLifeTimeMS for example, would that have the same effect?
r
Hey! Unfortunately no. You need to change this on the core side
u
Thanks!
r
Is there an issue with doing that? Some use case in which it's causing a problem?
u
A 'nice to have' feature for us was to be able to set a custom timeout per user (based on user role or metadata)
r
Hmm. You can hack your way around this. Here is what you can do:
- Set the custom time you need in the access token payload for that user.
- Create your own wrapper middleware around verifySession which calls verifySession, and then checks if the time has passed that custom time in the access token payload.
- If it hasn't, then you can call the actual API.
- If it has, call session.revoke(), and then send a 401 to the frontend. The frontend will try and refresh which will fail, logging out the user.
u
Oh yeah ok, that sounds feasible. Thanks man!