Great! ANd if you can't use the above, then you should associate the session's

sessionHandle

against the user info in your db. You can fetch the

sessionHandle

on the backend post session verification. This value never changes for a session even though the underlying access / refresh tokens keep changing.