Skip to main content

JWT Session Lifecycle

HR COREHub utilizes secure JSON Web Tokens (JWT) to authenticate requests and secure user data across active portal sessions.

How Sessions Work

When you successfully log in:

  • A short-lived Access Token is issued to authenticate standard user queries.
  • A long-lived Refresh Token is securely stored to request new access tokens automatically without requiring you to re-type credentials.
Diagram showing the JWT session lifecycle and Refresh Token Rotation mechanism of the HR COREHub system

Security Controls

  • Access Token Expiry: Access tokens expire after 15 minutes of inactivity.
  • Refresh Token Expiry: Refresh tokens expire after 24 hours of inactivity.
  • Session Expiry Warnings: The system will display a warning dialog 2 minutes before the refresh token expires. You can click "Extend Session" to refresh your tokens.
  • Force Logout: If the system detects a session conflict or token compromise, it will automatically invalidate the refresh token and direct you back to the login screen.