Separates the refresh token from the session since the refresh token is only being used in domain login and refresh token endpoints. This optimizes the size of the session to only carry the details that are required by the other endpoints and makes the Refresh token not accessible to all the endpoints.
What type of PR is this?
What does this do?
Separates the refresh token from the session since the refresh token is only being used in domain login and refresh token endpoints. This optimizes the size of the session to only carry the details that are required by the other endpoints and makes the Refresh token not accessible to all the endpoints.
Which issue(s) does this PR fix/relate to?
Have you included tests for your changes?
Did you document any new/modified functionality?
Notes