Access & Refresh Tokens

Jawad Sher
1 min read

Access Token:

An access token is a credential used to authenticate a user and authorize access to a resource. It is typically a signed token in a format such as JWT (JSON Web Token) and is sent to the client in a cookie or an HTTP header. The access token is held on the client side and is usually not stored in the database, so the server validates it by checking its signature and expiry rather than by looking it up. Its lifespan is short, often only a few minutes or hours, so that a leaked token expires quickly.

Refresh Token:

A refresh token is also used for authentication, but it plays a different role. When the access token expires, the client presents the refresh token to obtain a new access token without requiring the user to log in again, so re-authentication happens automatically.

The lifespan of a refresh token is longer than that of an access token, sometimes days, weeks, or even months. Unlike access tokens, refresh tokens are typically stored both on the client side and in the database, which gives the server a way to revoke them if needed (for example on logout or when a token is suspected to have leaked).


Written by Jawad Sher

I’m a Full Stack Developer with a passion for building end-to-end applications, from backend architecture to responsive front-end interfaces. With a background in Computer Engineering, I specialize in designing efficient, scalable systems using the latest technologies. Beyond development, I’m also a dedicated Cybersecurity Practitioner, constantly honing my skills to ensure secure code and infrastructure. I actively participate in Capture the Flag (CTF) challenges on platforms like Hack The Box (HTB), TryHackMe (THM), PicoCTF, and CTFTime.org, where I tackle real-world cybersecurity problems and expand my knowledge in ethical hacking. Always eager to learn and share knowledge, I love engaging with the developer and cybersecurity communities. On this blog, you'll find articles covering full-stack development, security best practices, and insights from my experiences in CTF competitions.