The short-term session (represented as a JWT) has a limited validity period and must be refreshed. To do this, refresh logic written in JavaScript must be integrated into your frontend. The logic consists of two main components: the session watcher and the refresh routine.

Session watcher

The session watcher checks every 200 ms whether a short-term session (represented as JWT) cookie exists. If it does, the watcher starts the refresh routine.

If no short-term session (represented as JWT) cookie is present, the session watcher stops any refresh routine that may be running. The exception is when there is no internet connection: in that case, it tries to start the refresh routine every ten seconds.

Refresh routine

To refresh the short-term session (represented as JWT), a JavaScript timeout is initialized that fires ten seconds before the JWT expires. When it fires, it fetches a new JWT from the Frontend API. The long-term session cookie (represented as a session ID with a database entry) is sent along with this fetch, and the refresh routine issues a new short-term session (represented as JWT) for you.

The refresh routine then starts again, based on the new expiration time. If there is no internet connection, it tries to refresh the short-term session (represented as JWT) every ten seconds.
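
The watcher and refresh routine described above, sketched as an added example that is not the vendor's own code. The cookie name, the endpoint path, the POST method and all function names are assumptions. It also assumes the short-term cookie is readable by script and that a successful fetch replaces it.

```javascript
// Added example; cookie name and endpoint are assumptions, not the vendor's code.
const COOKIE_NAME = "short_session";         // hypothetical cookie name
const REFRESH_URL = "/frontend-api/refresh"; // hypothetical Frontend API path
const LEAD_MS = 10000, RETRY_MS = 10000, WATCH_MS = 200;
const SAMPLE_JWT = "h." + btoa('{"exp":1700000100}') + ".s"; // constructed sample

// Extract the JWT from a cookie string such as document.cookie.
function readJwt(cookies) {
  const hit = cookies.split("; ").find((c) => c.startsWith(COOKIE_NAME + "="));
  return hit ? hit.slice(COOKIE_NAME.length + 1) : null;
}

// Delay until ten seconds before `exp`. The payload is decoded only to read
// `exp`; verifying the signature remains the server's job.
function refreshDelayMs(jwt, nowMs) {
  const b64 = jwt.split(".")[1].replace(/-/g, "+").replace(/_/g, "/");
  return Math.max(0, JSON.parse(atob(b64)).exp * 1000 - LEAD_MS - nowMs);
}

// One watcher tick as a pure decision over the current state.
function watcherAction({ hasJwt, routineRunning, online }) {
  if (routineRunning) return hasJwt || !online ? "none" : "stop";
  if (hasJwt) return "start";
  return online ? "none" : "retry"; // offline without a JWT: retry later
}

// Browser wiring; assumes document, navigator and fetch are available.
function startSessionWatcher() {
  let timer = null; // non-null while a refresh is scheduled or in flight
  const refresh = async () => {
    try {
      // credentials: "include" sends the long-term session cookie
      const res = await fetch(REFRESH_URL, { method: "POST", credentials: "include" });
      if (!res.ok) throw new Error("refresh failed: " + res.status);
      timer = null; // the next tick reschedules from the new JWT's exp
    } catch {
      timer = setTimeout(refresh, RETRY_MS); // try again in ten seconds
    }
  };
  return setInterval(() => {
    const jwt = readJwt(document.cookie);
    const state = { hasJwt: jwt !== null, routineRunning: timer !== null, online: navigator.onLine };
    const action = watcherAction(state);
    if (action === "start") timer = setTimeout(refresh, refreshDelayMs(jwt, Date.now()));
    if (action === "retry") timer = setTimeout(refresh, RETRY_MS);
    if (action === "stop") { clearTimeout(timer); timer = null; }
  }, WATCH_MS);
}
```

Keeping `timer` non-null while the fetch is in flight stops the 200 ms watcher from launching a second refresh against the same nearly expired JWT.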