Sentiaus commented on issue #3737: URL: https://github.com/apache/texera/issues/3737#issuecomment-3325873303
> > Between these two designs, I prefer the first one. Any objections? > > I believe Design 1 is redundant I don't think Design 1 is necessarily redundant. If you have users who are constantly active, it would probably be better to keep them logged in, and force a sign out once every 2 weeks to a month for security reasons. I do think it's less effective if the token refresh is long. So would probably want to change the refresh to a shorter interval (24 or 48 hours) in this case. I do think it's effective if the re-auth is dynamic. For example, with a token refresh of 24 hours, setting admin re-auth to 72 hours, while user re-auth is 168 hours. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
