This topic provides information about Zuora sessions.
Each session maps to a particular user, and all data created has the “Created By” information as that user. Zuora recommends using one session per user.
The default timeout value is 15 minutes. However, this can be configured in the Zuora application, under Administrative Settings > Security Policies. There the session timeout can be changed from as low as 15 minutes to as long as 8 hours.
There is currently no way to verify a valid session. If a session is invalid, the system will return an INVALID_SESSION error, which means that you need to log in again. The recommended approach is to keep a timer and when it passes the configured threshold minus a margin (for example, if the threshold is 15 minutes, then the timer should expire in 10 minutes), to log in again and get a fresh session.
INVALID_SESSION errors can occur when the user's session has reached the configured threshold. The code should retry again with the credentials to obtain a valid session.