Preflight checklist
Ory Network Project
No response
Describe your problem
I'm implementing an application where I want to have long time session tokens to not force my users to re-login after any period of time. Basically I want them to stay logged in, even for years, for User Experience purposes. But I want to regenerate the session token every 24 hours to reduce an attack vector where one could try to guess the session token over time to get access to an account.
Describe your ideal solution
Ideal solution would be to make an endpoint that may be enabled by config that regenerates the session token or cookie with a new value.
Either by an admin endpoint or user endpoint, e.g.
/sessions/regenerate
Or
/admin/sessions/{id}/regenerate
Workarounds or alternatives
As far as I checked there is no workaround without breaking the intended User Experience
Version
v25.4.0
Additional Context
No response
Preflight checklist
Ory Network Project
No response
Describe your problem
I'm implementing an application where I want to have long time session tokens to not force my users to re-login after any period of time. Basically I want them to stay logged in, even for years, for User Experience purposes. But I want to regenerate the session token every 24 hours to reduce an attack vector where one could try to guess the session token over time to get access to an account.
Describe your ideal solution
Ideal solution would be to make an endpoint that may be enabled by config that regenerates the session token or cookie with a new value.
Either by an admin endpoint or user endpoint, e.g.
/sessions/regenerate
Or
/admin/sessions/{id}/regenerate
Workarounds or alternatives
As far as I checked there is no workaround without breaking the intended User Experience
Version
v25.4.0
Additional Context
No response