Closed ateska closed 1 year ago
The token is immutable once issued. To extend its validity we would need to issue a new one with the same track ID. For a cookie token this means adding a Set-Cookie header in the introspection response, which is fine since this mechanism is already in place. For an access token this would require an active token refresh call, which is not supported in Seacat Auth yet.
To lower the number of sessions stored in the database, I want to introduce the concept of algorithmic sessions.
An algorithmic session is not stored in the database; it can, however, be reconstructed from the session identification (cookie, access token).
This is (currently) only for anonymous sessions.
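The idea discussed in this issue, as an added sketch that is not Seacat Auth code: an anonymous session is rebuilt from the token alone, and validity is extended by issuing a new token with the same track ID. The token layout (JSON claims plus an HMAC-SHA256 tag), the key and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-key"  # constructed value; a real service loads a managed key


def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(track_id, ttl, now=None):
    """Issue an immutable token: the claims and an HMAC tag computed over them."""
    now = time.time() if now is None else now
    claims = {"track_id": track_id, "anonymous": True, "exp": int(now) + ttl}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    tag = _b64(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())
    return body + "." + tag


def reconstruct_session(token, now=None):
    """Rebuild the session without a database lookup.

    Returns None when the token is malformed, forged or expired.
    """
    now = time.time() if now is None else now
    try:
        body, tag = token.split(".")
        expected = hmac.new(SECRET, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(tag)):
            return None
        claims = json.loads(_unb64(body))
    except (ValueError, TypeError):
        return None
    if claims["exp"] <= now:
        return None
    return claims


def extend_session(token, ttl, now=None):
    """The old token cannot be changed, so issue a new one with the same track ID."""
    session = reconstruct_session(token, now)
    if session is None:
        return None
    return issue_token(session["track_id"], ttl, now)
```

Because nothing is stored server-side, a token built this way stays valid until its `exp` unless the signing key is rotated or a separate deny list is kept.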