Session lifetime

When you log in to the Sitecore Cloud Portal or a Sitecore app, the following sessions are initiated:

An application session that expires after a defined period of inactivity (usually 30 minutes, but this varies depending on the application).
A Sitecore identity provider (IdP) session that expires after 10 hours of inactivity.
If you logged in with an email linked to an external SSO connection for your organization, a session is also established with your SSO provider that expires after a period of inactivity determined by the external provider's policy.

If the application session expires, you'll be prompted to log back in to it. If your Sitecore IdP session is still active at that point, you'll be automatically logged back in without needing to enter your password.

If the Sitecore IdP session also expires, you'll be prompted to log in again. However, if you still have an active external SSO session, you'll be automatically logged in through your SSO provider without needing to enter your password.

Note

If your permissions were updated during your session by an administrator, logging back in will fetch your latest permissions.

Sitecore single-page applications (SPAs) do not persist sessions by default. Typically, if you close your web browser while logged in to a Sitecore SPA, the application's session ends immediately. However, in some situations this cannot be fully enforced, such as when:

Your browser has a session restore setting enabled. Restoring the session also restores the SPA's session cookie.
You close the tab containing your Sitecore SPA without closing the entire browser.

In these cases, the Sitecore IdP session timeout of 10 hours still applies.

Do you have some feedback for us?

If you have suggestions for improving this article,