Node.js - Should I refresh cookie with each request/response to update expiration time?

javascript node.js cookies express jwt

Authentication method

In my Node.js (w/ Express.js) back-end, I authenticate users using JWT that is stored in a cookie with HttpOnly flag. The cookie expires in N hours. A middleware checks if JWT is valid and either calls next() function or sends a 401 status.

Current behavior

If cookie expires, user must log in again, even if he was still using the app.

Desired behavior

I want the cookie to expire in N hours but as long as user is using the app, expiration time must be updated. User should log in again only if N hours have passed from the last time he interacted with the app.

Question

Should I send a new cookie with each response, even if the only thing that changes is expiration time? Is this considered a good practice?


what you need is called refresh-token

you can find more detail about refresh tokens on:

https://www.rfc-editor.org/rfc/rfc6749#section-1.5 and https://developer.okta.com/docs/guides/refresh-tokens/main/

Related

Need to return an array element from a hashtable based upon if the key's array contains a certain value
Laravel Shared Hosting .htaccess
I need to verify that the Huawei Health app is installed on IOS [duplicate]
chromeos - chrome can't reach 127.0.0.1:8080
How to pivot multiple times for different variables in one dataframe in R?
Datatables - highlight selected row
JavaScript error: Uncaught TypeError: $(...).onclick is not a function
Easiest way to filter a list
AWS cli s3api put-bucket-tagging - cannot add tag to bucket unless bucket has 0 tags
Ordered versus unordered containers in C++
What is JSON and ymal models in tensorflow?
When using brownie I can't use external modules, pip install doesn't work brownie