Hi @Lonli-Lokli! Yes, a refresh token is not required when creating a cookie as they are independent of each other - see similar discussions here - How will session expire time and refresh token lifetime work together? - #2 by andrea. Specifically, if a user’s session expires they will still have access to the application with the refresh token option enabled, so be sure to revoke the user’s tokens on logout.
1 Like