DOPΣ - it was just bloat code, was checking ses...
it was just bloat code, was checking session token expiry client side, but api already checks it with db, so we dont need this
what needs to change in server? i guess its doing fine, will send session_not_found if session expired??
or something i am missing
4 Replies
if session is expired why don't we throw an error
session_expired instead of session_not_foundare sessions automatically deleted?
i think they persist on the backend indefinitely but not sure
eventually we'll probably clear them with a cron
you sometimes keep sessions for security purposes so that you can reverse or have audit logs, e.g. if a session is compromised, we're not super worried about that atm though