Two secrets must be in rotation at any given time:
- Current: used for creating new sessions and validating incoming non-expired sessions
- Previous: used for validating incoming non-expired sessions, e.g. sessions signed by yesterday's key
Since each Secret expires (default of 1 day), the window of a
non-expired Session is somewhere between the expiry of the current
Secret and the previous Secret.
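The two-secret rotation described above, as an added example that is not this project's own code: `SecretRing`, the `id.expiry.mac` token layout, the use of HMAC-SHA256 and a session lifetime equal to one Secret lifetime are all assumptions made for illustration.

```python
import hashlib
import hmac

SECRET_TTL = 24 * 60 * 60  # the default Secret lifetime stated above: 1 day


class SecretRing:
    """Hypothetical holder of two secrets: current signs and verifies, previous only verifies."""

    def __init__(self, current: bytes, previous: bytes):
        self.current, self.previous = current, previous

    def rotate(self, new_secret: bytes) -> None:
        # The old current becomes previous; the old previous is dropped for good.
        self.previous, self.current = self.current, new_secret

    @staticmethod
    def _mac(secret: bytes, payload: bytes) -> bytes:
        return hmac.new(secret, payload, hashlib.sha256).hexdigest().encode()

    def sign(self, session_id: str, now: float) -> str:
        # New sessions are only ever signed with the current secret.
        payload = f"{session_id}.{int(now) + SECRET_TTL}"
        return f"{payload}.{self._mac(self.current, payload.encode()).decode()}"

    def verify(self, token: str, now: float):
        """Return the session id, or None if the token is malformed, expired or not signed by us."""
        try:
            session_id, expires, mac = token.rsplit(".", 2)
            expired = int(expires) <= now
        except ValueError:
            return None
        payload = f"{session_id}.{expires}".encode()
        presented = mac.encode()
        # Evaluate both secrets with a constant-time comparison, without short-circuiting.
        ok_current = hmac.compare_digest(presented, self._mac(self.current, payload))
        ok_previous = hmac.compare_digest(presented, self._mac(self.previous, payload))
        if expired or not (ok_current or ok_previous):
            return None
        return session_id
```

A token stays valid across one rotation and is rejected after a second one, because its signing secret is then no longer held.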