# Configuration ## Environment Variables ### NUXT_SESSION_ROTATES_TIMEOUT Time in seconds before a session need to be rotated over into a new session. When an endpoint using a session is hit after the session rotates timeout but before the session is discarded a new session is created as the successor with a new rotates and discard timeout. The old session then marked to expire in 10 seconds any requests using the old session will result in a 403 Forbidden with the message the session has been taken after the expiry. ### NUXT_SESSION_DISCARD_TIMEOUT Time in seconds before a session is deleted from the client and server, resulting in the user having to authenticate again if the session wasn't rotated over into a new session before this timeout. This should be several times greater that `NUXT_SESSION_ROTATES_TIMEOUT`.