JWT Session Lifecycle
HR COREHub utilizes secure JSON Web Tokens (JWT) to authenticate requests and secure user data across active portal sessions.
How Sessions Work
When you successfully log in:
- A short-lived Access Token is issued to authenticate standard user queries.
- A long-lived Refresh Token is securely stored to request new access tokens automatically without requiring you to re-type credentials.
Security Controls
- Access Token Expiry: Access tokens expire after 15 minutes of inactivity.
- Refresh Token Expiry: Refresh tokens expire after 24 hours of inactivity.
- Session Expiry Warnings: The system will display a warning dialog 2 minutes before the refresh token expires. You can click "Extend Session" to refresh your tokens.
- Force Logout: If the system detects a session conflict or token compromise, it will automatically invalidate the refresh token and direct you back to the login screen.