Token Lifespan

Token lifespan is the value of a certain expiration date of the generated token. The expired tokens will be deleted either once the user tries to log in or WP-Cron runs a clean-up task.

For the security concern, we encourage using a short lifespan for tokens, 5 minutes is a sweet spot and the plugin comes with that default.

Magic Login 1.2+ allows entering 0 as token TTL. In that case, token clean-up routines will be bypassing and the token will last forever.

PS: Regardless of lifespan, all tokens can only be used once.