# Session management

Session management controls how long a user's authentication session stays valid before they must re-authenticate.

![Session management settings](/assets/images/project-settings-advanced-e73a8c5fab365a6864e1ecd8c76466a4.png) 

## Configure session duration

Navigate to **Project Settings** → **Advanced** → **Session management** and enter a value in the **Session Duration** field.

Supported units:

| Unit    | Examples     |
| ------- | ------------ |
| Seconds | 1s, 30s      |
| Minutes | 1m, 30m      |
| Hours   | 1h, 12h, 24h |
| Days    | 1d, 7d, 30d  |

**Default:** `1d` | **Minimum:** `1s` | **Maximum:** `30d`

When the session expires, `web3auth.connected` becomes `false` and all provider calls fail until the user re-authenticates.

## Choosing a session duration

Shorter durations reduce the exposure window if a session token is compromised. Longer durations reduce re-authentication friction.

Common configurations:

- High-security or financial apps: `30m`–`4h`
- Standard web apps: `1d`–`7d`
- Mobile or gaming apps: `14d`–`30d`
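The following check is an added example, not code from this documentation or the SDK: it parses a proposed **Session Duration** value, enforces the documented `1s` to `30d` bounds, and compares it with the range listed above for an app tier. It assumes the field takes a single integer followed by one unit, as in the units table, and the tier names are hypothetical labels.

```javascript
// Added example: validate a Session Duration string before entering it in the dashboard.
// Assumption: one integer followed by one unit (s, m, h, d), as shown in the units table.
const UNIT_SECONDS = { s: 1, m: 60, h: 3600, d: 86400 };
const MIN_SECONDS = 1;           // documented minimum: 1s
const MAX_SECONDS = 30 * 86400;  // documented maximum: 30d

// Ranges from "Common configurations"; the tier names are hypothetical labels.
const TIER_RANGES = {
  "high-security": ["30m", "4h"],
  "standard-web": ["1d", "7d"],
  "mobile-gaming": ["14d", "30d"],
};

// Returns the duration in seconds, or throws on bad syntax or out-of-bounds values.
function parseSessionDuration(value) {
  const match = /^([0-9]+)([smhd])$/.exec(String(value).trim());
  if (!match) throw new Error(`invalid session duration: ${value}`);
  const seconds = Number(match[1]) * UNIT_SECONDS[match[2]];
  if (!Number.isSafeInteger(seconds) || seconds < MIN_SECONDS || seconds > MAX_SECONDS) {
    throw new Error(`session duration out of range (1s to 30d): ${value}`);
  }
  return seconds;
}

// Compares a proposed value with the range listed for an app tier.
function checkAgainstTier(value, tier) {
  const range = TIER_RANGES[tier];
  if (!range) throw new Error(`unknown tier: ${tier}`);
  const seconds = parseSessionDuration(value);
  const [low, high] = range.map(parseSessionDuration);
  if (seconds < low) return { ok: false, seconds, reason: "shorter than the listed range" };
  if (seconds > high) return { ok: false, seconds, reason: "longer than the listed range" };
  return { ok: true, seconds, reason: "within the listed range" };
}

// Constructed sample inputs.
const samples = [["12h", "high-security"], ["2h", "high-security"], ["720h", "mobile-gaming"]];
for (const [value, tier] of samples) {
  console.log(value, tier, checkAgainstTier(value, tier));
}
```

A value that parses but falls above the range for its tier (such as `12h` for a high-security app) is worth flagging in review, since it widens the exposure window described above.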

## Next steps

- [Key export settings](/embedded-wallets/dashboard/advanced/key-export/) — control whether users can export private keys
- [User details in ID token](/embedded-wallets/dashboard/advanced/user-details/) — control what PII appears in JWT tokens
- [Project settings](/embedded-wallets/dashboard/project-settings/) — general project configuration
