Skip to main content
important

This is a contributors guide and NOT a user guide. Please visit these docs if you are using or evaluating SuperTokens.

Remove id refresh token

Status

This is just a proposal so far, it hasn't been accepted and needs further discussion.

Status:
proposed
Deciders:
rishabhpoddar, porcellus
Proposed by:
porcellus
Created:
2022-10-25

Context and Problem Statement#

We can remove the id-refresh-token, since we never really use the value and only check it as a clue for the existence of a refresh token.

Considered Options#

  • Leave as is
  • Remove

Decision Outcome#

We've chosen to remove the id refresh token, since we don't need it and we can solve it entirely in the FE

  • We have to change the expiration of the access token cookie (just the cookie) to 100 years.