Description

This event is emitted when a session’s time-to-live has elapsed without being refreshed. A background process or lazy evaluation detects expired sessions and emits this event.

When emitted

Given an active session exists with a defined expiresAt timestamp, when the current time exceeds expiresAt and no refresh has occurred, then a SessionExpired event is emitted and the session transitions to the Expired state.

Downstream effects

• Session projection marks session as expired
• Session can no longer be used for authentication
• User must re-authenticate via OAuth to obtain a new session