Contex
commented
8 years ago It would only change if the user changes their password if I recall correctly, I'm not sure if it changes if they change their username/email as well, I'd have to look up the code in that case.
I would store the hash in a database, and update it if the hash is invalid (re-authenticate).
Stupid question - does the user hash ever change? For example could I store it in a database then use it weeks or months later to query the api?