[zaarn]

You don't specifically need JS here.

Any endpoint could automatically update the user session token when it detects it's about to run out and update the cookie that it is stored in.

[jehlakj]

Oh right! I totally forgot that you could use cookies for JWT. It's been a while, but I think the reason why I didn't think of it was because, if you're using cookies to transport jwt, couldn't you just use signed cookies with a set expiration date?