Why do I get an info about expired session?
- Lucas Modzelewski (Unlicensed)
To provide authentication mechanism, "The Scheduler" uses JSON Web Token (JWT). Each token has declared expiration time. In theory there is no limit for expiration time of JWT. Everything depends on context where we use JWT. For trivial cases (most web pages), token may expire after 1 month.
Because of "The Scheduler" sensitive data (critical business data), the expiration time can not be too long. The best practice is set expiration duration for 15 minutes - as it's set in The Scheduler.
The point is that 15 minutes is best choice to keep the users more safe (JWT is validated for short time, even if has been stolen).
In the future, we are planning to improve refresh mechanism.
Feel free to tell us what topic should be covered: thescheduler@psc-software.atlassian.net