This tutorial builds on the concepts covered in the other User Authentication tutorials. Normally JWT session tokens can only be refreshed prior to the
DF_JWT_REFRESH_TTL timer expiring. By enabling forever sessions you can force the system to ignore
DF_JWT_REFRESH_TTL and allow refresh at any time (forever). This is similar to the Facebook model, where a device remains logged into an account forever, unless explicitly logged out. The session token will still expire after
DF_JWT_TTL and require refreshing, but it can be refreshed forever.
To set up forever sessions, configure
DF_JWT_TTL in the
.env file. Note that
DF_JWT_REFRESH_TTL will be ignored once
DF_ALLOW_FOREVER_SESSIONS is set to
.env file for a DreamFactory instance is located at the installation's root directory. Refer to the example
.env-dist file provided in the GitHub repository here.
.env, add or un-comment this line and set the value to
.env, add or un-comment this line and set the value to your desired TTL in minutes. A session refresh will be required to receive a new
session_tokenafter this many minutes.
- The above setting will require a session refresh every 12 hours (720 minutes).
3. Clear config
- Run this command from the root directory for your DreamFactory instance installation.
php artisan config:clear
- A forever session is instantiated if the client sets
"remember_me": trueat login.
- Sessions may be refreshed to receive a new session token at any time, including after
- If a session is deleted, it may no longer be refreshed. Logging in again with valid credentials will be required.