Phase out use of authentication context. Instead, use cookies. With cookies, switch to refresh token (cookie with long lifespan) to periodically get new auth token (cookie with short lifespan). That way the actual auth tokens will have a short lifespan (how do we keep the refresh token secure though?).
Phase out use of authentication context. Instead, use cookies. With cookies, switch to refresh token (cookie with long lifespan) to periodically get new auth token (cookie with short lifespan). That way the actual auth tokens will have a short lifespan (how do we keep the refresh token secure though?).
Corresponds with Server issue 41.