Corporate has requested that I change the inactive timeout for Sugar to 15 minutes to match their security policies across their other web/desktop applications.
I have the oauth2 lifetime's as so:
'oauth_token_expiry' => 0,
'oauth_token_life' => 86400,
'oauth2' => [
'access_token_lifetime' => 600,
'refresh_token_lifetime' => 900,
'max_session_lifetime' => 900
And for the most part, it works perfectly. There are some cases however where there seems to be a disconnect on the client side, and when they try to log back in, they get something along the lines of "No valid authentication for user."
They're still able to login via Incognito mode, so I know it's cache related, but does anyone have a workaround that doesn't involve excessive browser cache clearing?