You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Recently I faced a really strange problem and it took me a while to understand it fully.
I reduced the token expiration time from 3 weeks to some minutes and then the users couldn't log in my application anymore, I realized that the user was logging in, receiving a new token but the new token was not being persisted on the database.
The problem was that I allowed just one connected device (through 'max_number_of_devices' config) and the criteria to clear old tokens was based on the expiration time - leaving only the token that will take longer to expiry - so my new 'expiry in minutes token' had been deleted every time it was created.
I'm not sure about why there isn't a 'created_at' attribute to track tokens so I'll leave this issue here, if it seems promising I'll open a PR.
The text was updated successfully, but these errors were encountered:
Hi, everyone.
Recently I faced a really strange problem and it took me a while to understand it fully.
I reduced the token expiration time from 3 weeks to some minutes and then the users couldn't log in my application anymore, I realized that the user was logging in, receiving a new token but the new token was not being persisted on the database.
The problem was that I allowed just one connected device (through 'max_number_of_devices' config) and the criteria to clear old tokens was based on the expiration time - leaving only the token that will take longer to expiry - so my new 'expiry in minutes token' had been deleted every time it was created.
I'm not sure about why there isn't a 'created_at' attribute to track tokens so I'll leave this issue here, if it seems promising I'll open a PR.
The text was updated successfully, but these errors were encountered: