Files
geo/server/internal/shared/auth
root 283e8f6b46 fix: prevent forced re-login from concurrent refresh token rotation
Rotated refresh tokens now stay valid for a 60s grace window so
concurrent refreshes (e.g. multiple browser tabs) each obtain a valid
new pair instead of being logged out. Admin-web additionally serializes
refreshes across tabs via the Web Locks API and reuses tokens already
rotated by another tab.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-03 20:55:19 +08:00
..
2026-05-20 15:37:25 +08:00