Invalidating tokens on logout breaks multiple device login

This is part of the Semicolon&Sons Code Diary - consisting of lessons learned on the job.

Last Updated: 2024-04-24

Regenerating API tokens on logout may be best practice for security, but it created chaos for operators of one of our apps, since many of them shared an account in order to work more efficiently (it was a tool used in doctors' offices). Whenever one operator logged out, the token the others were still using stopped working, which meant they foiled each other's attempts to make API requests.
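The failure described above, next to one way to keep revocation on logout without it, as an added example that is not the app's own code. `SingleTokenAuth` assumes one token per account that is regenerated on logout; `PerSessionAuth` issues a token per login so that logout revokes only that device's session. Both class names and the in-memory storage are hypothetical.

```python
import hashlib
import secrets


class SingleTokenAuth:
    """One API token per account; logout regenerates it (the design described above)."""

    def __init__(self):
        self.token_by_account = {}

    def login(self, account):
        # Every device logging in to the account receives the same token.
        return self.token_by_account.setdefault(account, secrets.token_urlsafe(32))

    def logout(self, account):
        # Regenerating on logout invalidates the copy held by every other device.
        self.token_by_account[account] = secrets.token_urlsafe(32)

    def authenticate(self, account, token):
        current = self.token_by_account.get(account, "")
        return secrets.compare_digest(current, token)


class PerSessionAuth:
    """One token per login; only its SHA-256 digest is stored server-side."""

    def __init__(self):
        self.account_by_digest = {}

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def login(self, account):
        token = secrets.token_urlsafe(32)
        self.account_by_digest[self._digest(token)] = account
        return token

    def logout(self, token):
        # Revokes only the session that is logging out.
        self.account_by_digest.pop(self._digest(token), None)

    def logout_everywhere(self, account):
        # Explicit account-wide revocation, e.g. after a suspected token leak.
        for d in [d for d, a in self.account_by_digest.items() if a == account]:
            del self.account_by_digest[d]

    def authenticate(self, token):
        return self.account_by_digest.get(self._digest(token))
```

With per-session tokens, account-wide invalidation becomes a deliberate action (`logout_everywhere`) rather than a side effect of any single logout.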