Skip to main content
Software Engineering

Return to Answer

deleted 28 characters in body
Source Link
Zalomon
Zalomon
  • 1.2k
  • 3
  • 8
  • 18

As @Harry Ninh said in the comments the token expiration tends to be a matter of your needs, most systems will let you configure this and its duration may be anything between a couple of minutes and forever. Also most systems have a token refresh method: it can be could be automatically after any use of the token, considering the expiration time of the token from the last time it was used;used or it can be an explicit token refresh method. If I had to choose I'll go for the first method, but that's just an opinion.

At last, but not leastAlso, most systems also have a token revocation method that can be invoked to immediately invalidate the token.

As @Harry Ninh said in the comments the token expiration tends to be a matter of your needs, most systems will let you configure this and its duration may be anything between a couple of minutes and forever. Also most systems have a token refresh method: it can be could be automatically after any use of the token, considering the expiration time of the token from the last time it was used; or it can be an explicit token refresh method. If I had to choose I'll go for the first method, but that's just an opinion.

At last, but not least, most systems also have a token revocation method that can be invoked to immediately invalidate the token.

As @Harry Ninh said in the comments the token expiration tends to be a matter of your needs, most systems will let you configure this and its duration may be anything between a couple of minutes and forever. Also most systems have a token refresh method: it can be automatically after any use of the token, considering the expiration time of the token from the last time it was used or it can be an explicit token refresh method. If I had to choose I'll go for the first method, but that's just an opinion.

Also, most systems also have a token revocation method that can be invoked to immediately invalidate the token.

Minor edits to make the whole thing more readable.
Source Link
Zalomon
Zalomon
  • 1.2k
  • 3
  • 8
  • 18

As @Harry Ninh said in the comments the token expiration tends to be a matter of your needs, most systems will let you configure itthis and itits duration may last frombe anything between a couple of minutes toand forever. Also most systems have a token refresh method: it can be could be automatically after any use of the token, considering the expiration time of the token from the last time it was used; or it can be an explicit token refresh method. If I had to choose I'll go for the first method, but that's just an opinion.

At last, but not least, most systems also have a token revocation method that can be invoked to immediately invalidate the token.

As @Harry Ninh said in the comments the token expiration tends to be a matter of your needs, most systems will let you configure it and it may last from a couple of minutes to forever. Also most systems have a token refresh method: it can be could be automatically after any use of the token, considering the expiration time of the token from the last time it was used; or it can be an explicit token refresh method. If I had to choose I'll go for the first method but that's just an opinion.

At last but not least most systems also have a token revocation method that can be invoked to immediately invalidate the token.

As @Harry Ninh said in the comments the token expiration tends to be a matter of your needs, most systems will let you configure this and its duration may be anything between a couple of minutes and forever. Also most systems have a token refresh method: it can be could be automatically after any use of the token, considering the expiration time of the token from the last time it was used; or it can be an explicit token refresh method. If I had to choose I'll go for the first method, but that's just an opinion.

At last, but not least, most systems also have a token revocation method that can be invoked to immediately invalidate the token.

Source Link
Zalomon
Zalomon
  • 1.2k
  • 3
  • 8
  • 18

As @Harry Ninh said in the comments the token expiration tends to be a matter of your needs, most systems will let you configure it and it may last from a couple of minutes to forever. Also most systems have a token refresh method: it can be could be automatically after any use of the token, considering the expiration time of the token from the last time it was used; or it can be an explicit token refresh method. If I had to choose I'll go for the first method but that's just an opinion.

At last but not least most systems also have a token revocation method that can be invoked to immediately invalidate the token.