sublinks / sublinks-frontend

Auth being mismanaged when token cookie is expired #172

Open kgilles opened 2 months ago

kgilles commented 2 months ago

If you have an expired JWT cookie in your browser, then the client API will completely disregard it, while any server-side actions will still try to use it, as it doesn't know the auth is expired. This creates a scenario where server actions fail because of invalid auth.

We need to make sure that (a) the client and server are on the same page regarding cookies, using and managing them in the exact same way. Also, (b) the client should delete the cookie from the browser after expiry to make sure it's not passed to any server requests.
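
One way to give the browser code and the server-side actions a single expiry rule, as an added example (not code from sublinks-frontend). The function names, the 30-second skew and the sample tokens are assumptions, and it assumes the JWT carries an `exp` claim; tokens without one are passed through for the API to judge.

```javascript
// Hypothetical shared module: import the same functions on client and server
// so both sides make the same decision about the auth cookie.
const SKEW_SECONDS = 30; // assumed tolerance for clock drift

// Decode the payload segment (base64url JSON). The signature is NOT checked:
// the result only decides whether to keep sending the cookie. The API that
// receives the token must still verify it.
function decodeJwtPayload(token) {
  const parts = typeof token === "string" ? token.split(".") : [];
  if (parts.length !== 3) return null;
  try {
    const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
    return JSON.parse(atob(b64 + "=".repeat((4 - (b64.length % 4)) % 4)));
  } catch {
    return null; // not base64 or not JSON
  }
}

function isJwtExpired(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const payload = decodeJwtPayload(token);
  if (!payload) return true; // malformed token: unusable
  if (typeof payload.exp !== "number") return false; // no exp claim: let the API decide
  return payload.exp <= nowSeconds + SKEW_SECONDS;
}

// Returns the token to attach to requests (or null) and whether the caller
// should delete the cookie. The browser and server actions both call this
// before using the cookie value.
function resolveAuthCookie(token, nowSeconds) {
  if (!token) return { token: null, clearCookie: false };
  if (isJwtExpired(token, nowSeconds)) return { token: null, clearCookie: true };
  return { token, clearCookie: false };
}

// Cookie string that deletes the cookie: assign it to document.cookie in the
// browser, or send it as a Set-Cookie header from a server action.
function deleteCookieString(name) {
  return `${name}=; Path=/; Max-Age=0`;
}

// Constructed, unsigned sample token for trying the functions above.
function makeSampleToken(payload) {
  const enc = (o) =>
    btoa(JSON.stringify(o)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "HS256", typ: "JWT" })}.${enc(payload)}.constructed-signature`;
}
```

When `clearCookie` is true, the caller deletes the cookie with `deleteCookieString` under the application's actual cookie name and continues as an unauthenticated request.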