checkSession and require_login timing questions

HI there,

I’m sorry if this question has been answered already, I’ve not been able to find one that relates to our issue.

We are using the Implicit Flow and use checkSession() to renew the token when the current token has expired, which is working well.

However, we’re a little confused as to when checkSession() eventually stops working and we get the impassable login_required. Generally, this happens when I come back to my development machine in the morning, after a 12+ hour break.

We had assumed that this was connected to the timing values in the following fields:

  • API > token expiration
  • API > token expiration for browser flows
  • Applications > App > JWT expiration

However, if we set them all to 20 seconds we still don’t get the login_required message as we thought we would, after 20 seconds.

Could someone explain:

  1. why the updated timings don’t seem to have an effect on the login_required message
  2. what we need to do to fix this
  3. what the rationale is behind the full login and
  4. how we should handle that in the app to minimise user disruption (the user will lose their current state if they have to go through the login flow again)

Is there a bit of the docs we should read to understand this?

Many thanks,