I have a question regarding JWT authentication and session management. I have read two approaches and want to know which is better/optimal for 10k to 20k user logins per month.
First: Medium post, Building a User Auth system
Second: Vonage post, Building a User Auth with Redis
In the first, the refresh token is made up of a custom key = user.id + tokenhash (the token hash is a random string and is changed on password change), and the refresh token does not have an expiration. The custom key is made again for comparing and then validating.
In the second, the refresh token along with the access token is made with a UUID and then stored in Redis for the session; here the refresh token has an expiration, and it is changed when a new access token is requested.
Some doubts I have:
In the second approach, will storing the tokens in Redis lead to a significant increase in server usage or a minimal increase?
When the refresh token is changed along with the access token, what will happen to the expiry of the refresh token? Will it be reset?
Please tell me if I got something wrong in my understanding.
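
An added example, not part of the original post or of either linked article: the two refresh-token schemes described in the question, written out in Python. The SHA-256 construction of the custom key, the in-memory `SessionStore` standing in for Redis, the TTL values, and the choice to give a rotated refresh token a fresh TTL are all assumptions.

```python
import hashlib
import hmac
import uuid

# Approach 1 (as described in the post): key derived from user.id + tokenhash.
# Hashing the pair with SHA-256 is an assumption; the post only names the inputs.
def custom_key(user_id: str, token_hash: str) -> str:
    return hashlib.sha256(f"{user_id}:{token_hash}".encode()).hexdigest()

def validate_custom_key(presented: str, user_id: str, token_hash: str) -> bool:
    # The key is recomputed and compared; no expiry is checked. Changing
    # token_hash (e.g. on password change) invalidates every earlier key.
    return hmac.compare_digest(presented, custom_key(user_id, token_hash))

# Approach 2: UUID-identified tokens in a TTL store (dict stands in for Redis).
ACCESS_TTL, REFRESH_TTL = 15 * 60, 7 * 24 * 3600  # assumed lifetimes, seconds

class SessionStore:
    def __init__(self):
        self._data = {}  # token uuid -> (user_id, expires_at)

    def set(self, key, user_id, ttl, now):
        self._data[key] = (user_id, now + ttl)

    def get(self, key, now):
        entry = self._data.get(key)
        if entry is None or entry[1] <= now:
            self._data.pop(key, None)  # expired entries vanish, like a Redis TTL
            return None
        return entry

    def delete(self, key):
        self._data.pop(key, None)

def issue_pair(store, user_id, now):
    access_id, refresh_id = str(uuid.uuid4()), str(uuid.uuid4())
    store.set(access_id, user_id, ACCESS_TTL, now)
    store.set(refresh_id, user_id, REFRESH_TTL, now)
    return access_id, refresh_id

def rotate(store, refresh_id, now):
    entry = store.get(refresh_id, now)
    if entry is None:
        return None  # unknown, expired, or already rotated
    store.delete(refresh_id)  # old refresh token becomes single-use
    return issue_pair(store, entry[0], now)  # assumed: refresh TTL starts over

def refresh_expiry(store, refresh_id, now):
    entry = store.get(refresh_id, now)
    return entry[1] if entry else None
```

With a fresh TTL on each rotation the refresh expiry slides forward on every use; carrying the original `expires_at` into the new entry instead would cap the session at a fixed lifetime.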