Problems to refresh a forever session token


#1

Hi!

I’m trying to make a forever session to work, but after I send a PUT request to /user/session I get a new token.

This is what I’m doing (always using the embedded test_rest.html client):

  1. POST to /user/session and copy the session token.
  2. I’m able to use this token to access any resource allowed by this user’s role.
  3. After the session TTL expires (currently set to 60) any request using this token returns a message saying the token has expired (everything is ok up to this point).
  4. I use the expired token to send a PUT request to /user/session trying to refresh it (following the instructions from http://wiki.dreamfactory.com/DreamFactory/Tutorials/Using_Forever_Session), but by doing so I get a brand new token in response to this request, and the token acquired in step 1 is still “expired”.

I’m running the Bitnami stack and my .env file has the following information uncommented:

DF_ALLOW_FOREVER_SESSIONS=true
DF_JWT_TTL=60
DF_JWT_REFRESH_TTL=20160

I can see these options enabled when I GET /system/environment.

Why am I getting a new token instead of refreshing the old one?

Thanks!

Elvis


#2

This is expected behavior. See http://wiki.dreamfactory.com/DreamFactory/Tutorials/Refreshing_a_JWT
and
http://wiki.dreamfactory.com/DreamFactory/Tutorials/Forever_sessions


#3

Ouch… I overlooked the sentence “Sessions may be refreshed to receive a new session_token”… my bad!

Of course, this is a forever session, not a forever “token” :laughing:

Thank you!

Elvis Fernandes


#4

Right on!
You can build your app to refresh the token in the background without user input, the same way the admin app does.


#5

how to reconfigure angular2 bootstrap after refreshing token ?

and is there any to check token status ?