If another refresh is already happening, the most recent token will have changed when the lock is released, and with the current code, it will be refreshed again.
The following process had an issue:
We start two refresh requests
The first one takes the lock and refreshes the token, while the second gets the most recent token of the session, then waits for the lock
The first request finishes, put the new token in the database, and release the lock
The second request gets the lock, refreshes the token again. But it shouldn't, because now there is a valid most recent token for the session!
With this change, 4. becomes: The second request acquires the lock, gets the most recent valid token for the session, notices it is too new to refresh, and simply returns it.
If another refresh is already happening, the most recent token will have changed when the lock is released, and with the current code, it will be refreshed again.
The following process had an issue:
With this change, 4. becomes: The second request acquires the lock, gets the most recent valid token for the session, notices it is too new to refresh, and simply returns it.
Note: maybe we need a test for that.