Token Expire Time Management

[yxdy1990]

Do you have any idea for the managment of token expire?

[bootsrc]

Do you have any idea for the managment of token expire?
Reply
This is a good question! I want to add expireTome (expireDelta = Delta) to the project, but I don't have time to do it yet.
This is my solution.

Persist expireDelta = Delta (expire interval value) to the database. And write it in redis at the same time.
When the user invokes the web API, if the permission authentication passes, set updated 'endTime' to redis( Now endTime = oldEndTime + Delta )

If the user is calling the web API frequently and at intervals < Delta., it can access the API normally all the time without being blocked to the login window. If curentTime < endTime, let the request go ahead.

Just like QQ login. If you log in every day, you can log in automatically. If you don't log in for 2 months, you need to re-enter your password to log in.

Thank you for your support!

[yxdy1990]

Quick response ! Got it.
But I think that It's better to have one API to do the "refresh" action. Instead of updating endTime in every API request. This is my humble opinion.

Thanks !

[bootsrc]

Yes, this is one option