New sessions after you update the setting will have the new expiry
Vizualinx
1 month ago
Oct 31, 2024, 2:00 PM
I understood that the secure way is to let the token expire after 1 hour (as is the default) and refresh the token after every hour. Have I got it right? (Sorry, never dealt with this kind of stuff.)
Lucas G
1 month ago
Oct 31, 2024, 2:20 PM
Depends on what you mean by 'secure'
Usually that means storing the refresh token somewhere easy to access such as session storage
Which is easy to access by most things which makes it not 'secure'
Imo setting a longer expiry is fine
Lucas G
1 month ago
Oct 31, 2024, 2:22 PM
The database itself should be protected anyways
Vizualinx
1 month ago
Oct 31, 2024, 2:32 PM
OK, thanks @Lucas G
MartinF
1 month ago
Oct 31, 2024, 4:10 PM
@Vizualinx, to get it to auto-refresh the token after an hour you need to use supabase-js. That automatically sets the cookie to local storage. If you set a listen event for token login and token refresh, you can add the data to the Toddle session cookie so Toddle always has a token that is valid and is refreshed in the background. You can also listen for log out events in case a user logs out in a different tab or on a different device, which is a plus.
Default for supabase-js is to persist to local storage along with the refresh token, so not great. You can set it to an http-only cookie (which I've now just done, thanks!!), or you could not persist it at all.