
ulys
Level 1

Understanding Sanctum with API

Hi everyone, I have a Vue frontend SPA and a Laravel (8) API backend. I'm trying to handle the authentication using Sanctum and followed the official docs. Everything seemed to work fine until I looked a bit closer and noticed something weird. With every request that is sent to the backend, a new session-cookie is being sent back. It seems that this is just due to the encryption, because I could verify in the session-file that the ID does not change and the session is persisted. However, with every request the expiration date of the session is reset. Meaning that as long as requests are being sent to the API, the session will never expire despite the session-lifetime being set to 120 minutes. Is this really the intended behavior?

Nakov
Best Answer
Level 73

120 minutes means that the session should expire after 120 minutes of inactivity, otherwise it does not make sense, right? Do you want to be logged out after 120 minutes even though you are actively using the site/app?

ulys
Level 1

@Nakov Coming from a stateless API world, I kind of expected the session to expire after 120 minutes. When you think of access tokens, it would be very uncommon to renew their expiration time on every request. But I get that sessions, not being stateless, are a different concept. So thanks for clarifying!
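
The thread distinguishes an idle timeout (renewed on every request) from the fixed expiry of an access token. As an added example, not code from either poster or from Laravel/Sanctum itself, the middleware below puts an absolute cap on top of the idle timeout; the class name, the session key and the use of the `web` guard are assumptions.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;

// Hypothetical middleware (not part of Laravel or Sanctum): caps the total age
// of an authenticated session, independent of the idle timeout that is
// renewed on every request.
class EnforceAbsoluteSessionLifetime
{
    // Assumed cap in seconds: 120 minutes, the lifetime mentioned in the question.
    private const MAX_AGE_SECONDS = 120 * 60;

    // Hypothetical session key holding the time the login was first seen.
    private const STARTED_AT_KEY = 'session_started_at';

    public function handle(Request $request, Closure $next)
    {
        // Nothing to enforce for requests without a session or without a login.
        // Assumption: SPA authentication goes through the "web" guard.
        if (! $request->hasSession() || ! Auth::guard('web')->check()) {
            return $next($request);
        }

        $session = $request->session();
        $startedAt = $session->get(self::STARTED_AT_KEY);

        if ($startedAt === null) {
            // First authenticated request: record the start once and never
            // refresh it, unlike the idle timeout.
            $session->put(self::STARTED_AT_KEY, time());

            return $next($request);
        }

        if (time() - (int) $startedAt >= self::MAX_AGE_SECONDS) {
            // Too old regardless of activity: log out and discard the session
            // data and ID so the old cookie value cannot be reused.
            Auth::guard('web')->logout();
            $session->invalidate();
            $session->regenerateToken();

            return response()->json(['message' => 'Session expired.'], 401);
        }

        return $next($request);
    }
}
```

It has to run after the session has been started, for example after Sanctum's `EnsureFrontendRequestsAreStateful` in the `api` middleware group. If the logout route does not invalidate the session, the stored start time carries over to the next login and that login expires early.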
