|
|
|
|
|
|
by xanadohnt
3475 days ago
|
|
|
The client can hold onto the token indefinitely, the server doesn't care. But next time a request comes in with that token it will be expired. The server validates the timestamp which is part of the encrypted payload that only the server can decrypt; instant validation and no DB lookup. |
|
|