Session stores data during the auth process with Salesforce. Expiry of access token is not provided by Salesforce, it is just controlled by timeout configured in auth2 settings by individual users Only way to check whether access token has expired or not is based on the response you receive if you try using access token and get some error Also, For salesforce refresh token to work follow these else remove scopes from here On, navigate to where you app is configured. (Setup > Create > Apps) Under Connected Apps, click on your application's name to view its settings, then click Edit. Under Selected OAuth Scopes, ensure that "Perform requests on your behalf at any time" is selected. You must include this even if you already chose "Full access". Save, then try your OAuth flow again. It make take a short while for the update to propagate.