Once a visitor completes verification, Veriox issues them a session. This lets them browse your site without being prompted to verify again until the session expires.
Choosing a session length
| Duration | Good for |
|---|
| 1 hour | High-security or compliance-sensitive use cases |
| 24 hours (default) | Most sites — balances convenience and recency |
| 7 days | Low-friction experience for returning visitors |
| 30 days | Minimal re-verification, best for loyal returning audiences |
Setting session duration in the portal
Go to your worker in portal.veriox.io → Configuration → Session Duration and choose from the available options. Save and the change applies to new sessions immediately.
Existing sessions are not affected when you change this setting — they will expire at their original time.
How the session works
Veriox stores the session as a cookie on your domain. It is:
- Signed — tamper-proof, validated by the worker on every request
- HttpOnly — not accessible to JavaScript on the page
- Secure — only sent over HTTPS
- SameSite=Lax — protected against cross-site request forgery
The cookie is scoped to your domain only and does not track visitors across other sites.
For developers — Wrangler CLI
If you deployed via Wrangler, session duration is set in wrangler.toml as a number of seconds:
[vars]
VERIOX_SESSION_TTL = "86400"
| Duration | Seconds |
|---|
| 1 hour | 3600 |
| 24 hours | 86400 |
| 7 days | 604800 |
| 30 days | 2592000 |
wrangler deploy. 
