In this meeting, the participants discuss the need to implement a session expiration feature in their app to enhance security. They decide to set a time limit for the tokens that are generated during the login process. They suggest using seconds to measure the length of the token's expiration time. They also discuss the possibility of including the expiration time as a response variable and recommend adding it to the front end. They mention the option of creating an additional endpoint called "auth renew" to refresh the token and suggest triggering it regularly to maintain a valid session. They compare this process to the body's natural rhythms and suggest associating it with user activities on the front end. The meeting highlights the importance of finding the right balance between refreshing the token frequently enough without compromising security by having too many tokens in circulation. Overall, the participants feel that implementing this session expiration feature will greatly enhance the app's security and user experience.
(Source: Office Hours 3/7)
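The scheme summarized above, sketched as an added example (not code from the meeting or the app): login returns a token plus its lifetime in seconds, and the "auth renew" handler swaps a still-valid token for a fresh one. The `SessionStore` class, the 900-second lifetime, the opaque in-memory tokens and the choice to revoke the old token on renew (so only one token per session is in circulation) are all assumptions.

```python
import secrets
import time

TOKEN_TTL_SECONDS = 900  # assumed value; the summary only fixes the unit (seconds)


class SessionStore:
    """Hypothetical in-memory store of opaque session tokens with a fixed lifetime."""

    def __init__(self, ttl=TOKEN_TTL_SECONDS, clock=time.time):
        self.ttl = ttl
        self.clock = clock      # injectable so expiry can be exercised in tests
        self._sessions = {}     # token -> (user, expires_at)

    def _issue(self, user):
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (user, self.clock() + self.ttl)
        # expires_in is the response variable the front end uses to schedule renewals
        return {"token": token, "expires_in": self.ttl}

    def login(self, user):
        # Credential checking is out of scope for this sketch.
        return self._issue(user)

    def validate(self, token):
        """Return the user for a live token, or None if unknown or expired."""
        entry = self._sessions.get(token)
        if entry is None:
            return None
        user, expires_at = entry
        if self.clock() >= expires_at:
            del self._sessions[token]   # purge the expired token
            return None
        return user

    def renew(self, token):
        """Handler body for the 'auth renew' endpoint."""
        user = self.validate(token)
        if user is None:
            return None                 # an expired session must log in again
        del self._sessions[token]       # assumed policy: revoke the old token on renew
        return self._issue(user)

    def live_tokens(self):
        """Count tokens that have not yet expired."""
        now = self.clock()
        return sum(1 for _, exp in self._sessions.values() if exp > now)
```

A front end would call renew on user activity some time before `expires_in` elapses; an idle session then lapses on its own once the last token expires.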