Parallel sessions using the same access tokens

Hi

We have an integration which allows us to call the SugarCRM API by using the authentication tokens of a certain SugarCRM user. Now, our customers have a problem: their refresh token become invalid (invalid_grant) and we cannot find any way to reproducing this.

As far as I know, refresh tokens only get invalidated whenever a new access token for a certain user is requested under the same platform.

Situation sketch

- One user authenticates to with SugarCRM and recieves the access (& refresh) token which authenticate our connector

- Then, other users can use this connector to retrieve (meta-)data from SugarCRM

- To realise this, we have a connection pool with a number of http-clients which use these these tokens (they can be used simultaneously)

- The moment we do an api call, we refresh the token if it is expired (minus an offset of a couple of minutes)

- Refreshing is done synchronized and all clients now use the renewed access token

I read something interesting in this post https://community.sugarcrm.com/thread/30360-refresh-token-becames-invalid

"You can't have multiple clients connecting to same Sugar instance using same platform id at same time or you'll run into session conflicts.". Matt Marum

So my actual question: is it possible my refresh token is invalidated while trying to use the SugarCRM rest api with multiple http-clients at the same time with one access token?

Recently, we also started to have this warning: 

Invalid cookie header: "Set-Cookie: AWSALB=qi4YCymX2Y9JifxIhN...vNXPOGlOW2P7KqY7acJgAUdojIlK; Expires=Thu, 20 Feb 2020 08:38:58 GMT; Path=/". Invalid 'expires' attribute: Thu, 20 Feb 2020 08:38:58 GMT 

I don't know if it's relevant.

Thanks for helping

Jan