Closed AlexCuse closed 1 year ago
How do you plan to choose a
ttlSeconds
? Will it be based somehow on the access token lifetime?
Our plan was to keep a relatively short access token lifespan but keeping the cookie written by our app around longer to be used in refreshes, making that the effective ttl. But it will be a bit of a balancing act - if we need to to get it working we'll go as high with access token ttl as we do on the cookie, but we consider the frequent refreshes a feature we want to keep in most cases. Just running into what seems like problems with mobile browsers and "hibernating" tabs and looking to improve UX if we can.
Thinking about this more I wonder if dynamically deriving from the token expiry might be a better approach.
This library already relies on the token expiry for refreshes. 👍
@AlexCuse is this ready for release? i don't have any comments.
@cainlevy I think it should be in good shape just finished verifying everything in a local build of our app. Adding the optionality is nice so if there are any issues should only affect people who are using the new expiration functionality.
released in v1.4.0
We are seeing an issue on mobile safari where cookies with implied
expires= Session
don't survive with the tab and hoping setting an explicit TTL will help the browser hang onto them.