I note that Session Settings allows you to have sessions expire as often as low as 15 minutes. However, I believe this is related to browser sessions and sure enough they do time out as expected.
However, I have a scheduled batch job (runs hourly) where I inject the Session Id as part of the initial state of the scheduled job (which then passes it to batch). The batch job then makes a callout using a REST service, e.g.:
req.setHeader('Authorization', 'OAuth ' + sessionId );
This job has been running for over a day now and the session does not appear to expire.
As it happens, this behaviour is perfect for my use case but I am concerned it won't be reliable. When will the session timeout? Can I rely on it?
Best Answer
Sessions expire after the specified amount of idle time (see below), rather than an absolute time period. So, assuming your session timeout is at least an hour, you will keep it active by making a call every hour.
I wouldn't rely on this behavior for the long term, though. If the org admin reduces the session timeout, you will find your batch job failing. A more robust solution would be to do OAuth, keep the refresh token, and exchange it for an access token (aka session id) every hour (simpler) or whenever you get a session expired response (more efficient, but more complex).
The actual session timeout behavior, from the docs: