Expire tokens based on when they were last used, not based on when they were issued.

This lets us shorten the expiry interval - by quite a bit. Tokens in regular use will now live indefinitely, while tokens that go unused for _one week_ will be invalidated and deleted. This will reduce the number of "dead" tokens (still valid, but _de facto_ no longer in use) stored in the table, and limit the exposure period if a token is leaked and then not used immediately. It's also much less likely to produce surprise logouts three months after installation. You'll either stay logged in, or have to log in again much, much sooner, making it feel a lot more regular and less surprising.
author: Owen Jacobson <owen@grimoire.ca> 2024-09-11 21:52:57 -0400
committer: Owen Jacobson <owen@grimoire.ca> 2024-09-11 21:54:57 -0400
commit: b16742b0e782bc795fa748d46c3eb6438fb19adc (patch)
tree: 4e31515c57cc896fcdca953c73d62828ac303d1e /migrations
parent: 4563f221bf61123b15f9608bb14e8f46db05e4f6 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/migrations/20240912013151_token_last_used.sql b/migrations/20240912013151_token_last_used.sql
new file mode 100644
index 0000000..0b45cd9
--- /dev/null
+++ b/migrations/20240912013151_token_last_used.sql
@@ -0,0 +1,6 @@
+alter table token
+add column last_used_at text
+	not null;
+
+update token
+set last_used_at = issued_at;
author	Owen Jacobson <owen@grimoire.ca>	2024-09-11 21:52:57 -0400
committer	Owen Jacobson <owen@grimoire.ca>	2024-09-11 21:54:57 -0400
commit	b16742b0e782bc795fa748d46c3eb6438fb19adc (patch)
tree	4e31515c57cc896fcdca953c73d62828ac303d1e /migrations
parent	4563f221bf61123b15f9608bb14e8f46db05e4f6 (diff)