I have a mobile & web app with JWT authentication. The token expires every hour and is refreshed and has a total life of 10 days, so after 10 days they have to log back in. Now where I’m stuck is how to handle persisting the login so when the user comes back to the app they can skip the login screen if they are authenticated. I would also like to trigger this method when I have an error in some of my HTTP requests so the user is taken back to the login page.
Here is some pseudo code I wrote:

// Check if token is null
//   Return false & pop back to root
// Check if token is expired
//   Attempt to refresh
//     If refresh successful continue to page 1
//     Else return false & pop back to root
// Anything else: Pop back to root
I was thinking of maybe also creating a status which is saved to storage which is either ‘loggedIn’ or null and checking that along with checking if the token is null. Not sure if it’s needed though.
If anybody has any examples of a good way to implement this or a smarter way, that would be greatly appreciated.
Also, would it be a good idea to check on every page to make sure the user is still authenticated?
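
The flow in the pseudo code above, as an added example that is not part of the original post. The names `resolveSession`, `classifyToken`, `store` and `refreshFn` are hypothetical, and the token is assumed to carry a standard `exp` claim in seconds. The expiry check on the client is only a routing hint; the server still validates the token on every request.

```javascript
// Added example; all names here are hypothetical, not from the post.
const SKEW_SECONDS = 30; // treat a token about to expire as already expired

// Read `exp` from the JWT payload WITHOUT verifying the signature.
// This only decides which screen to show; it grants nothing by itself.
function readExpiry(token) {
  try {
    let b64 = token.split(".")[1].replace(/-/g, "+").replace(/_/g, "/");
    b64 = b64.padEnd(Math.ceil(b64.length / 4) * 4, "=");
    const exp = JSON.parse(atob(b64)).exp;
    return typeof exp === "number" ? exp : null;
  } catch {
    return null; // malformed token: handled like a missing one
  }
}

function classifyToken(token, nowSeconds) {
  if (!token) return "missing";
  const exp = readExpiry(token);
  if (exp === null) return "missing";
  return exp - SKEW_SECONDS <= nowSeconds ? "expired" : "valid";
}

// Call at app start, and again with forceRefresh = true when an HTTP
// request comes back 401, so both paths share one decision.
// store: { get(), set(token), clear() }
// refreshFn(oldToken): resolves to a new token, or throws once the
// 10-day window is over or the server rejects the token.
async function resolveSession(store, refreshFn, nowSeconds, forceRefresh = false) {
  const token = store.get();
  const state = classifyToken(token, nowSeconds);
  if (state === "missing") { store.clear(); return "login"; }
  if (state === "valid" && !forceRefresh) return "home";
  try {
    const fresh = await refreshFn(token);
    if (classifyToken(fresh, nowSeconds) !== "valid") throw new Error("bad refresh result");
    store.set(fresh);
    return "home";
  } catch {
    store.clear(); // never leave a dead token behind in storage
    return "login";
  }
}
```

The return value is derived from the stored token alone, so this sketch keeps no separate ‘loggedIn’ flag that could drift out of sync with the token.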