02/15/2023, 10:11 PM
Hey! Exploring Super Tokens for my company and wanted to learn more about a particular multi-tenancy use case. I am planning on only using the sessions functionality for now, and would like to be able to customize the session timeout for each of my "tenants". Based on the docs, I see that the session timeout is configured when you run the Super Tokens Core. Is there any way to configure this via the back end SDKs so that we don't have to run multiple cores?


02/16/2023, 5:23 AM
hey @Probotect0r You can set the maximum session lifetime (across all tenants) on the core. And then when you call createNewSession, then you can add to the accesstoken payload the specific timeout for that tenant. You would also need to override the refresh function in the session recipe to check the session timeout, and modify the access token payload of the new session to modify the session timeout for the new access token. Then, you can make your own middleware which will call getSession to verify the session, and then further check if the session is timedout based on the custom access token payload value. In case it is, you can send back a 401 to the frontend.


02/16/2023, 3:35 PM
Hmm, thanks. I like that you can override some of these core functions