diff options
| author | Owen Jacobson <owen@grimoire.ca> | 2024-09-11 21:52:57 -0400 |
|---|---|---|
| committer | Owen Jacobson <owen@grimoire.ca> | 2024-09-11 21:54:57 -0400 |
| commit | b16742b0e782bc795fa748d46c3eb6438fb19adc (patch) | |
| tree | 4e31515c57cc896fcdca953c73d62828ac303d1e /src/login/routes.rs | |
| parent | 4563f221bf61123b15f9608bb14e8f46db05e4f6 (diff) | |
Expire tokens based on when they were last used, not based on when they were issued.
This lets us shorten the expiry interval - by quite a bit. Tokens in regular use will now live indefinitely, while tokens that go unused for _one week_ will be invalidated and deleted. This will reduce the number of "dead" tokens (still valid, but _de facto_ no longer in use) stored in the table, and limit the exposure period if a token is leaked and then not used immediately.
It's also much less likely to produce surprise logouts three months after installation. You'll either stay logged in, or have to log in again much, much sooner, making it feel a lot more regular and less surprising.
Diffstat (limited to 'src/login/routes.rs')
0 files changed, 0 insertions, 0 deletions