It adds new refresh token when another token already exist for logged in user

hagopj13 / node-express-boilerplate

A boilerplate for building production-ready RESTful APIs using Node.js, Express, and Mongoose

MIT License

6.66k stars 1.98k forks source link

It adds new refresh token when another token already exist for logged in user #274

Open mdmuhtasimfuadfahim opened 8 months ago

mdmuhtasimfuadfahim commented 8 months ago

I have hit the login API 10-15 times. All the times it creates new refresh token under tokens database. This bug should be solved as well as the #267 issue.

chintanshahts commented 8 months ago

It depends on your requirement. User can log in from multiple devices. If your product does not allow the multiple device login you need to remove the refresh token else all good.

mdmuhtasimfuadfahim commented 8 months ago

@chintanshahts yes. But with this boilerplate there is no device information is going at the time of login. So I think this would be a good solution and please check the issue #267. To solve this issue this might help.