What is a reasonable expiration date for SSO sessions stored in the database?

The developer guide recommends calling DeleteExpired from time to time.
What is a reasonable / recommended expiration date to send? Is it the session time of the user? Or is there an update by the IdP from time to time?
Minutes? Hours? Days?

This is dependent on how many users are SSO’ing to your site. If there are many users, you would want to delete expired entries more frequently so your database table doesn’t get too big. If there are few users you can do this less frequently.

I recommend deleting expired entries at least once a day. You can increase this frequency depending on how large the database table gets and whether this is an issue for you. I wouldn’t expect you’d have to perform deletions any more frequently than hourly but daily is more likely.

The alternative to calling the DeleteExpired method is to use a database batch job to delete expired entries. However, in both cases, the frequency of performing these deletions is dependent on what makes the most sense for your deployment.

Just for clarification, the data is used only in the login process?
Assuming the login process takes up to 1 min, I can clean the sessions every 5 mins?

It’s used for single sign-on (SSO) and single logout (SLO).

If you’re not supporting SLO you can delete the entry immediately after SSO completes.

Thank you

You’re welcome.