Implementing a "remember me" mechanism using access token and refresh token in a web server

Software Engineering Asked by Two Horses on January 14, 2021

I’m implementing a "remember me" feature in my web app using access tokens and refresh tokens to authenticate users (Node.js). I have a few questions about this approach:

  1. Why is a long-lived refresh token needed? Why can’t I just sign an access token that will be long-lived (1 year or 6 months)?
  2. What happens when a user logs out? The access and refresh tokens are still valid. (Is there a solution to this without storing them in a blacklist collection in the DB or Redis? That is not very scalable if I use microservices or a load balancer with multiple servers.)
  3. Is a JWT approach better than a session based one (cookies for instance)?