• iamdevito

    iamdevito

    1 year ago
    I have read this blog 2 days before.
  • iamdevito

    iamdevito

    1 year ago
    I think 3-4 blogs of supertokens related to this.
  • r

    rp

    1 year ago
    I see. I don't really have much to add onto apart from what that blog says. Do you have any specific question maybe?
  • iamdevito

    iamdevito

    1 year ago
    Yeah.
  • iamdevito

    iamdevito

    1 year ago
    In that blog you guys saying about one rotating refresh token mechanism. I have implemented this mechanism before but it become endless session for a user.
  • iamdevito

    iamdevito

    1 year ago
    So how can we implement that rotating refresh token with specific expiration time.
  • r

    rp

    1 year ago
    You can have an expiration for the refresh token itself so that if the user is inactive for that much time, they will get logged out
  • r

    rp

    1 year ago
    alternatively, you can have a hard limit such that even if the user is active, when that hard limit is reached, rotating the refresh token would fail
  • iamdevito

    iamdevito

    1 year ago
    Ok
  • iamdevito

    iamdevito

    1 year ago
    I will choose first option