Decrease in token expiry time #162
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
elanlaw1206
reviewed
Dec 17, 2025
Contributor
elanlaw1206
left a comment
elanlaw1206
left a comment
There was a problem hiding this comment.
Hi Harsh,
Thanks for the nice improvement. reducing the access-token lifetime is a sensible security hardening step, and the change itself is clean and easy to follow.
A couple of small things to tidy up before/around merge:
- The comment in authService.js still says “15 minutes” while the value is now 10m, just update the comment for clarity.
- This PR also includes some Vulnerability_Tool files and .docx artifacts. They look unrelated to the token-expiry change, so suggest removing them from this PR (or handling them separately) to keep scope clean.
Overall direction looks good. Thanks for tightening the session window.
Thanks!
King Hei
… and token management, and add initial health news tests.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
By reducing the token expiry time, active sessions are limited to shorter lifespans. This minimizes the window of opportunity for attackers to exploit stolen or intercepted tokens, thereby mitigating the risk of session hijacking and strengthening overall security.