Anonymous
8/17/2025, 3:07:36 AM
No.106285945
>>106285512
my guess is that they can have independent expirations and you can also immediately invalidate a refresh token upon use (if you tie it to a session persisted somewhere else), while in the way you're describing, after the token expires the user is left with noa-ccess to the application until they log in again
my guess is that they can have independent expirations and you can also immediately invalidate a refresh token upon use (if you tie it to a session persisted somewhere else), while in the way you're describing, after the token expires the user is left with noa-ccess to the application until they log in again