And when user close the browser? Of course, some applications (like banking) prefer to terminate user login, but on most applications, we need to keep user login after closing the browser and open it next time.
the http only cookie for the refresh token stays so you can always get the acces token accessing the refresh endpoint that will give you a new access and a new refresh token so no need to login again.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
And when user close the browser? Of course, some applications (like banking) prefer to terminate user login, but on most applications, we need to keep user login after closing the browser and open it next time.
the http only cookie for the refresh token stays so you can always get the acces token accessing the refresh endpoint that will give you a new access and a new refresh token so no need to login again.