Is there a built-in solution for invalidating sessions on the server side after some time if the user was inactive? Should I "refresh" the cookie on each user activity to prevent the expiration of the session? Thanks.

You can use the

call.sessions.clear()

method for that.

Thanks, so I need to implement this expiration functionality and the "refreshing" of the session cookie.

Should I "refresh" the cookie on each user activity to prevent the expiration of the session?

Yes. You can use the

call.sessions.set()

method to prevent the cookie from expiring.

You can use the

call.sessions.set()

method to prevent the cookie from expiring

Maybe is there a way to simply resend the

Set-Cookie

header instead? I'm afraid that using

call.sessions.set()

will re-write the

SessionStorage

every time...

Unfortunately, the method for the sending is internal.