Why is server-side session expiration different from access token expiration? #1504

Open
Jaydeep28 opened this issue Dec 5, 2024 · 2 comments
Jaydeep28 commented Dec 5, 2024

Which version of Duende IdentityServer are you using?
V7

Which version of .NET are you using?
V8

Describe the bug
We are exploring the server-side session mechanism with the Entity Framework store.
We have a client defined with an 'AccessTokenLifetime' value of 28800 (i.e. 8 hours), and SlidingRefreshTokenLifetime has the default value, i.e. 1296000.
When we enable server-side sessions (along with CoordinateClientLifetimesWithUserSession = true;), the details get stored in the database, but the 'expires' column of 'ServerSideSessions' is not in sync with the access token expiry time. Instead, it is always 10 hrs from the 'Created' time (instead of 8 hours). Please find the attached screenshot for the item.

Expected behavior

'Expires' should have same expiry time as Access token time.

Please find the item below for reference.

Image

@RolandGuijt RolandGuijt self-assigned this Dec 6, 2024
@RolandGuijt

CoordinateClientLifetimesWithUserSession synchronizes the lifetimes of the session and the refresh token, not the access token.
You mention the lifetime of the refresh token is set to 15 days. Could it be that you limit the session lifetime somewhere in the configuration?

Also, as a side note: 8 hours seems like a long time to have the access token valid. I don't know your specific situation, of course, but around 1 hour is more common, which will reduce the usefulness of the token should it be stolen.

@RolandGuijt

@Jaydeep28 Did my comment answer your question? If so I'd like to close the issue. If not please let us know.
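
The three lifetimes discussed in this thread are configured in separate places. The following is an added example, not code from the issue or from the Duende project; the client id, secret placeholder, redirect URI, scope names and the in-memory stores are assumptions made so the snippet is self-contained (the reporter uses the Entity Framework store).

```csharp
using Duende.IdentityServer;
using Duende.IdentityServer.Models;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddIdentityServer(options =>
    {
        // 1) User session lifetime: this is what ends up in the
        //    'Expires' column of ServerSideSessions. IdentityServer's
        //    default CookieLifetime is 10 hours; it is set explicitly
        //    here only to make the value visible.
        options.Authentication.CookieLifetime = TimeSpan.FromHours(10);
        options.Authentication.CookieSlidingExpiration = false;

        // Ties revocable tokens (e.g. refresh tokens) to the user session.
        // It does not change how long an already issued access token is valid.
        options.Authentication.CoordinateClientLifetimesWithUserSession = true;
    })
    .AddServerSideSessions()
    .AddInMemoryIdentityResources(new IdentityResource[] { new IdentityResources.OpenId() })
    .AddInMemoryApiScopes(new[] { new ApiScope("example.api") })   // hypothetical scope
    .AddInMemoryClients(new[]
    {
        new Client
        {
            ClientId = "example.web",                               // hypothetical client
            ClientSecrets = { new Secret("REPLACE_ME".Sha256()) },  // placeholder secret
            AllowedGrantTypes = GrantTypes.Code,
            RedirectUris = { "https://localhost:5002/signin-oidc" },
            AllowedScopes = { IdentityServerConstants.StandardScopes.OpenId, "example.api" },
            AllowOfflineAccess = true,

            // 2) Access token lifetime in seconds. The issue used 28800 (8 hours);
            //    3600 reflects the "around 1 hour" mentioned in the reply.
            AccessTokenLifetime = 3600,

            // 3) Refresh token lifetime in seconds (1296000 = 15 days, the default).
            RefreshTokenExpiration = TokenExpiration.Sliding,
            SlidingRefreshTokenLifetime = 1296000
        }
    });

var app = builder.Build();
app.UseIdentityServer();
app.Run();
```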
