Keep sessions alive: proactive token refresh + longer access TTL
All checks were successful
Deploy GSM / deploy (push) Successful in 27s
All checks were successful
Deploy GSM / deploy (push) Successful in 27s
The 15m access token only refreshed on a 401, but the dashboard uses optionalAuth and returns 200 even with an expired token, so the live page never noticed expiry until a manual reload. Backend: ACCESS_TOKEN_TTL 15m -> 1h. Frontend: export refreshAccessToken; App.jsx schedules a refresh ~1min before the token expires (and on tab focus/return), and logs out cleanly (redirect to /login) if the refresh token is gone — no reload needed. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -7,8 +7,9 @@ import { createRefreshToken, verifyRefreshToken, revokeRefreshToken, revokeRefre
|
||||
|
||||
const router = Router();
|
||||
|
||||
// Access token lifetime (short-lived; client refreshes automatically)
|
||||
const ACCESS_TOKEN_TTL = '15m';
|
||||
// Access token lifetime. The client refreshes proactively before this elapses
|
||||
// (and on any 401), so the session stays alive transparently via the refresh token.
|
||||
const ACCESS_TOKEN_TTL = '1h';
|
||||
|
||||
// Initialize Discord + refresh token tables
|
||||
initDiscordUsers();
|
||||
|
||||
Reference in New Issue
Block a user