Currently I use rest_framework_jwt to manage the authentication process. I checked the Django REST framework JWT doc (refresh-token) and found this sentence:
Each time the user loads the page, you can check if there is an existing non-expired token and if it's close to being expired, refresh it to extend their session. In other words, if a user is actively using your site, they can keep their "session" alive.
My query is,
Configuration: Frontend: VUE; Backend: Django; Backend API: DRF
My suggestion:
When the user logs in, the username and password are sent to the server and, once validated, a token is generated and stored on the server as well as sent back to the client.
Once the client receives the token, store it in local storage.
From then on, each time the user makes a request to the server, attach the token to the request. On the server side, check for the token in the incoming request and validate it against what the server already has.
If the token is valid, perform the backend process.
However, a token should generally be short-lived (a few hours). It should generally come with a “refresh token”: a refresh token is used to refresh the access token and is generally long-lived (a few months).
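The login, per-request check and refresh steps described above, as an added example that is not part of the original post or of rest_framework_jwt: it uses only the Python standard library, with a simplified HMAC-signed token standing in for a JWT. The function names, the in-memory store, the exact lifetimes and the single-use (rotated) refresh token are assumptions of this example.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = secrets.token_bytes(32)   # constructed signing key for this demo
ACCESS_TTL = 2 * 3600              # access token: "a few hours" (assumed value)
REFRESH_TTL = 90 * 24 * 3600       # refresh token: "a few months" (assumed value)
_refresh_store = {}                # sha256(refresh token) -> (user, expiry)

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def _sign(body: str) -> str:
    return _b64(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())

def issue_tokens(user, now=None):
    """Login step: call only after the credentials were validated."""
    now = time.time() if now is None else now
    body = _b64(json.dumps({"sub": user, "exp": now + ACCESS_TTL}).encode())
    refresh = secrets.token_urlsafe(32)
    # Keep only a hash server-side so a leaked store does not leak usable tokens.
    key = hashlib.sha256(refresh.encode()).hexdigest()
    _refresh_store[key] = (user, now + REFRESH_TTL)
    return f"{body}.{_sign(body)}", refresh

def verify_access(token, now=None):
    """Per-request step: return the user, or None if forged or expired."""
    now = time.time() if now is None else now
    body, _, sig = token.partition(".")
    # Constant-time comparison, done before the payload is parsed.
    if not hmac.compare_digest(sig.encode(), _sign(body).encode()):
        return None
    try:
        claims = json.loads(base64.urlsafe_b64decode(body))
    except ValueError:
        return None
    return claims["sub"] if claims["exp"] > now else None

def refresh_tokens(refresh, now=None):
    """Swap a valid refresh token for a new pair; the old one is single-use."""
    now = time.time() if now is None else now
    key = hashlib.sha256(refresh.encode()).hexdigest()
    user, exp = _refresh_store.pop(key, (None, 0))
    if user is None or exp <= now:
        return None
    return issue_tokens(user, now)
```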