Session Refresh

The session-token has a limited validity period and requires refreshing. To accomplish this, the refresh logic, written in JavaScript, must be integrated into your frontend. The logic consists of two main components: the session watcher and the refresh routine.

​

Session watcher

The session watcher checks every 10 seconds if there exists a session-token cookie and if the JWT is not expired. If either one fails, it starts the refresh routine.

​

Refresh routine

In order to refresh the session-token, 60 seconds before the session-token expires, a refresh will be triggered. This refresh fetches a new session-token from the Frontend API. On this fetch, the refresh-token cookie gets transferred and the refresh routine issues a new session-token for you.

In case there is no internet connection, it tries every ten seconds to refresh the session-token.