The problem is that even after expiration time that is 5 min for ID token and access token, the session is still validated for some reason I cannot understand. Can someone help me what should I Do?
let cognitoUser = userPool.getCurrentUser();
if (cognitoUser != null) {
await cognitoUser.getSession((err, session) => {
if (err) {
console.error(err.message);
return;
}
console.log('session validity: ' + session.isValid());
I tried waiting for 5 min or more to check if token has expired or not but it still says that it is valid whereas I was expecting it will go to refresh token function.
Advertisement
Answer
Ok, so I found what getSession does. It gets a token from your local storage, object storage or refresh token. Suppose it doesn’t find the currentUserSession when you call getCurrenUser(). In that case, it will use the refresh token to get the session. It simply means that the already available session data was nullified and replaced with the new one you just got. The session will always stay valid whenever it uses a refresh token to get session data.