It is normally best to keep the token as short as needed. One hour is usually standard. This is just in case the tokens happen to leak out. There are good reasons why you may want to make them longer; 2 - 8+ hours. It really depends on the scenario and how much of a risk long lived tokens would be for you.
↧