DevAtlas

Learn

  • Dashboard
  • Learning Paths
  • All Categories
  • Topics

Practice

  • Interview Questions
  • Flashcards
  • Quizzes
  • Study Plans

Personal

  • Bookmarks
  • Notes
  • Progress
  • PDF Library
  • Settings
  • About
  1. Interview Questions
  2. A teammate proposes making access tokens valid for 24 hours so users rarely need to refresh. What are the risks, and what would you recommend?
0%
ScenarioIntermediateSecurity

A teammate proposes making access tokens valid for 24 hours so users rarely need to refresh. What are the risks, and what would you recommend?

Follow-up questions

  • How could you add revocation to otherwise stateless access tokens?
  • What lifetime would you pick for the refresh token, and why?

Related topics

JWT (JSON Web Tokens)Authentication vs Authorization
#tokens#security#session-management