The 'iat' is not refreshed in the refresh() method, which causes the user to eventually be kicked out even though he keeps refreshing the token. #249
Comments
…d out if the token is kept refreshing until the 'exp' hit 'JWT_REFRESH_TTL' PHP-Open-Source-Saver#249
Can you make a PR to look at?
No problem, the change is easy, just 2 lines of code.
Don't forget the tests 😅
I'm new to Laravel, so it takes me more time to write and run the tests. Meanwhile, if anyone is interested, you could first take a look at the code change here
Hi! I'm experiencing this exact issue and the code change suggested by @amos-yau is working. Let me check if I can send a PR. For context: To replicate this issue, I opened multiple tabs of the same application in my browser. I let the app send periodic requests (such as using setTimeout) and waited for the refresh token flow. At first, I thought that enabling the grace period would be sufficient, but it didn't work because the users were still getting kicked out, until I found this issue, implemented the change in the vendor file, and checked that this works.
If you want to, you can open the pull request and add the tests too.
PR opened :) #256
Subject of the issue
Please refer to the issue and comment in the origin repository here:
tymondesigns/jwt-auth#2241 (comment)
Your environment:
Steps to reproduce
The scenario and steps are in the issue URL above.
Expected behaviour
The 'iat' of the new token generated by the refresh() method shall be renewed to now().
Actual behaviour
The 'iat' of the new token generated by the refresh() method is currently fixed to the same value as the old token's.
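
The behaviour reported in this issue, as an added PHP model that is not code from the issue or from the library: it compares a refresh that copies the old 'iat' with one that sets 'iat' to the current time. It assumes a refresh is accepted only while now <= iat + refresh TTL; the names TTL, REFRESH_TTL, issueToken, refreshToken and simulate and the minute values are constructed for illustration.

```php
<?php
// Added illustration: a simplified model of a refreshable token, not the library's code.
// Assumption: a refresh is accepted only while now <= iat + REFRESH_TTL.
const TTL = 60;          // access-token lifetime in minutes (constructed value)
const REFRESH_TTL = 240; // refresh window in minutes (constructed value)

/** Issue a fresh token at minute $now. */
function issueToken(int $now): array
{
    return ['iat' => $now, 'exp' => $now + TTL];
}

/**
 * Refresh $token at minute $now. Returns the new token, or null when the
 * refresh window measured from 'iat' has closed.
 * $renewIat = false models the reported behaviour (old 'iat' copied over);
 * $renewIat = true models the expected behaviour ('iat' set to now).
 */
function refreshToken(array $token, int $now, bool $renewIat): ?array
{
    if ($now > $token['iat'] + REFRESH_TTL) {
        return null; // refresh window closed: the user must log in again
    }
    return [
        'iat' => $renewIat ? $now : $token['iat'],
        'exp' => $now + TTL,
    ];
}

/** Refresh every $interval minutes; return the minute a refresh is rejected, or null. */
function simulate(bool $renewIat, int $interval = 50, int $duration = 1000): ?int
{
    $token = issueToken(0);
    for ($now = $interval; $now <= $duration; $now += $interval) {
        $token = refreshToken($token, $now, $renewIat);
        if ($token === null) {
            return $now; // session ended despite refreshing before every 'exp'
        }
    }
    return null; // never rejected within $duration
}

echo "iat copied from old token: ", var_export(simulate(false), true), PHP_EOL;
echo "iat renewed on refresh:    ", var_export(simulate(true), true), PHP_EOL;
```

In this model, renewing 'iat' turns the refresh TTL into a sliding idle window, so a deployment that also wants an absolute session lifetime needs a separate check for it.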