- Test with 5 minutes set in admin
- It was kicking me out during login and deleting my session
- When JWT is old, client will redirect to a page explaining they need to validate on mobile device and site is locked until they do this
- For logged out users redirect to page that says we are experiencing issues and all users must be logged in to view content
- Reject all requests that aren't valid, except register, which immediately goes to a page explaining the need to go to mobile (or, on mobile, opens verification)
- Do not delete sessions when the human check is invalid; just stop them from making requests past authGuard
- SSR later: if human tracking is on and the JWT human date is old, it will just return nothing and let the client handle it with ec2 to authGuard
- Back end: make sure not to use any part of the JWT besides the sessionId. After the sessionId check, compare the userId to the JWT userId and read the user's human-verified status from the DB user model, not the JWT. The JWT is purely for SSR when we build it.