Access Token & Websocket - Expiration Time

code_af, 2 years ago

An access token is created with an expiration time of one hour. Then a session cookie is created through this access token in order to connect to the websocket. The user has been connected to the websocket through this newly created session cookie.

Now, the 1 hour time of the access token has been reached, but the user still receives the updates to the websocket endpoint.

What are the ways to invalidate this websocket connection also?

Kaloyan Kanev, 2 years ago

The access token is for authorization; I think it can't cut off the websocket data.

code_af, 2 years ago

But if a session is authorized through an access token which has already expired, wouldn't it make sense that all relevant running connections should also be invalidated?

It doesn't exactly mean disconnecting the websocket connection, but restricting the data broadcast in some way.

Kaloyan Kanev, 2 years ago

The session cannot be authorized through an access token which is already expired!

Your token expiration time ending over already session cookies authorization. You must write some script to reload the page after this time has passed.

code_af, 2 years ago

You do not have the token's expiry date explicitly with a token (after you created it), and you cannot decide based on input from the user (if a token is provided).

Don't you think the proper way is to make this decision on the server side, where we have access to all API-level resources?
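
A sketch of the server-side approach raised in this thread, added here as an example and not code from any participant: the server records the access token's expiry when the websocket is authorized and checks it before every broadcast, closing connections whose token has lapsed. `BroadcastGate` and `FakeSocket` are hypothetical names, and the example assumes the server can look up the token's expiry at handshake time.

```python
import time

POLICY_VIOLATION = 1008  # RFC 6455 close code for a policy violation


class FakeSocket:
    """Stand-in for a real websocket connection (constructed for this example)."""

    def __init__(self):
        self.sent, self.closed_with = [], None

    def send(self, msg):
        self.sent.append(msg)

    def close(self, code):
        self.closed_with = code


class BroadcastGate:
    """Keeps, on the server, the token expiry each socket was authorized with."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.conns = {}  # socket -> token expiry (epoch seconds)

    def register(self, sock, token_expires_at):
        # Called at handshake; a token that is already expired is refused.
        if token_expires_at <= self.clock():
            sock.close(POLICY_VIOLATION)
            return False
        self.conns[sock] = token_expires_at
        return True

    def refresh(self, sock, new_expires_at):
        # Called when a still-connected client presents a newly issued token.
        if sock in self.conns and new_expires_at > self.clock():
            self.conns[sock] = new_expires_at
            return True
        return False

    def broadcast(self, msg):
        # Expiry is checked on every send, so no update leaves after the deadline.
        now, delivered = self.clock(), 0
        for sock, expires_at in list(self.conns.items()):
            if expires_at <= now:
                sock.close(POLICY_VIOLATION)
                del self.conns[sock]
            else:
                sock.send(msg)
                delivered += 1
        return delivered
```

A periodic sweep that calls the same expiry check would also close idle connections that receive no broadcasts.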