# Configuration ## Environment Variables ### NUXT_SESSION_EXPIRES_TIMEOUT Time in seconds before a session is considered expired and need to be rotated over into a new session. When an endpoint using a session is hit after the session expires but before the session is discarded a new session is created as the successor with a new expiry and discard timeout. The old session then considered to have been superceeded and any requests using the old session will result in a 403 Forbidden with the message the session has been taken. ### NUXT_SESSION_DISCARD_TIMEOUT Time in seconds before a session is deleted from the client and server, resulting in the user having to authenticate again if the session wasn't rotated over into a new session before this timeout. This should be several times greater that `NUXT_SESSION_EXPIRES_TIMEOUT`.