Hi, I am wondering if DF supports invalidation of a session in the web application after a period of inactivity. It doesn’t seem so because even though you can set a TTL on the JWT token, each click in the web app refreshes the token even if it has expired. So the only way you force logout in the web app is if the entire session is beyond the DF_JWT_REFRESH_TTL, regardless of activity.
My installation: DF Gold version 4.2.1 on a local Bitnami Docker installation.
Thanks in advance for any help.