
Refresh token concept in Express - Cheat Sheet & Quick Revision

Recall & Review
beginner
What is a refresh token in web authentication?
A refresh token is a special token used to get a new access token without asking the user to log in again. It helps keep users logged in smoothly.
beginner
Why do we use refresh tokens instead of long-lived access tokens?
Refresh tokens improve security by keeping access tokens short-lived. If an access token is stolen, it expires quickly, reducing risk.
intermediate
How does the refresh token flow work in Express apps?
When the access token expires, the client sends the refresh token to the server. The server verifies it and issues a new access token.
intermediate
Where should refresh tokens be stored on the client side?
Refresh tokens should be stored securely, often in HTTP-only cookies, to prevent access by JavaScript and reduce the risk of theft.
advanced
What happens if a refresh token is compromised?
If a refresh token is stolen, an attacker can get new access tokens. To reduce the risk, refresh tokens should be revocable and have an expiration.
What is the main purpose of a refresh token?
A. To encrypt the access token
B. To replace the password
C. To store user data
D. To get a new access token without re-login
Where is it safest to store a refresh token on the client?
A. HTTP-only cookie
B. Local storage
C. Session storage
D. In a JavaScript variable
What should happen when a refresh token is used to get a new access token?
A. The server logs out the user
B. The server verifies the refresh token and issues a new access token
C. The client deletes the refresh token
D. The client sends the password again
Why are access tokens usually short-lived?
A. To save storage space
B. To reduce server load
C. To improve security by limiting token lifetime
D. To speed up login
What is a risk if refresh tokens are not revoked after logout?
A. Attackers can use stolen refresh tokens to get new access tokens
B. Passwords will be exposed
C. The server will crash
D. Users will stay logged in forever
Explain how refresh tokens help maintain user sessions securely in an Express app.
Think about how users stay logged in without re-entering passwords.
Describe best practices for storing and handling refresh tokens on the client and server.
Focus on security and preventing token theft.