24

I am using Django Rest Framework token-authentication mechanism.

http://www.django-rest-framework.org/api-guide/authentication#tokenauthentication

It creates database table with field created with the value equal to the timestamp, when te token was created. E.g: 2014-04-07 07:42:50.395626

Anyone knows how long is this token valid? I can not find this info on mentioned website.

I am also wondering, that this token is still valid, even when the user changes password. Shouldn't it generate a new one, or at least make the old on no more valid?

Improve this question

1 Answer 1

Reset to default
33

Answer to this question can be found HERE:

SHORTLY: this token is valid infinitely long.

If you would like to have token, which expires after certain time, please refere to examples shown in mentioned question.

Improve this answer
Sign up to request clarification or add additional context in comments.

6 Comments

Today I noticed that the default token was expired after some days. I did not do any customization. I wonder if there has been any change in Django.
@DavidPiao Please confirm, you said the token expired after some days without any customization? If so was a new one generated after it expired?
@Bruce, yes, I met such a case. But after that, could not reproduce it. I am not 100% sure.
It was my fault. Yes I confirm it lives forever
@DavidPiao A token expires (becomes invalid) if you log out on any client as there is only one token per user. Example: You log into you web application from 2 different computers with the same user. Both will use the same token. If you then log out on one computer, the token is removed (not expired). You will be logged out on the other computer as well.
|

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.