REST - PHP Token Authentication - Expiration
I have a hybrid SPA PHP web application that makes calls to a remote REST API for its needs. I'm starting to implement token authentication between the web server and the API, and I'm not quite sure how to handle expiration of the token. There may be flaws in the design as well.

The user submits login credentials (username & password) to the web server. The web server sends a call to the API. The API looks up the creds, and if they are good, a JWT auth token is generated and returned to the web server, where the token is stored in a PHP session variable. The token is never made public. Each call the web server makes to the API sends a request with an Authorization header that includes the token pulled from the session.

My problem is, what's the best way to issue a new token if one has expired during an incoming request? The API checks each request's token to determine if it's valid and if it's expired. If the request to the API is foo/bar, for example, expecting a JSON string in return, and the token has expired, what is the expected behavior?

I hope that makes sense. Please let me know if I'm not clear enough. I have not had any luck researching this particular scenario.
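
The per-request check described above, sketched as an added example that is not part of the original post: the API classifies the token as valid, expired or invalid and answers an expired one with HTTP 401 and the `invalid_token` challenge from RFC 6750, so the calling web server can tell "log in again" apart from other failures. The function names, the shared secret and the choice of HS256 are assumptions made for illustration; a production API would normally rely on a maintained JWT library.

```php
<?php
// Added example: names, secret and claim values are constructed for illustration.
const SECRET = 'constructed-demo-secret';
function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}
function b64url_decode(string $s): string {
    $s = strtr($s, '-_', '+/');
    return (string) base64_decode(str_pad($s, strlen($s) + (4 - strlen($s) % 4) % 4, '='), true);
}
function make_token(array $claims): string {
    $head = b64url(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $body = b64url(json_encode($claims));
    return "$head.$body." . b64url(hash_hmac('sha256', "$head.$body", SECRET, true));
}
// Classify a token as 'ok', 'expired' or 'invalid'. The signature is verified
// before any claim is read, so a forged "exp" is never trusted.
function check_token(string $jwt, int $now): string {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) return 'invalid';
    [$head, $body, $sig] = $parts;
    $header = json_decode(b64url_decode($head), true);
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') return 'invalid';
    $expected = b64url(hash_hmac('sha256', "$head.$body", SECRET, true));
    if (!hash_equals($expected, $sig)) return 'invalid';
    $claims = json_decode(b64url_decode($body), true);
    if (!is_array($claims) || !is_int($claims['exp'] ?? null)) return 'invalid';
    return $now >= $claims['exp'] ? 'expired' : 'ok';
}
// Map the Authorization header to [HTTP status, WWW-Authenticate value or null].
function api_auth(?string $authHeader, int $now): array {
    if ($authHeader === null || !preg_match('/^Bearer ([A-Za-z0-9._-]+)$/', $authHeader, $m)) {
        return [401, 'Bearer'];
    }
    switch (check_token($m[1], $now)) {
        case 'ok':      return [200, null];
        case 'expired': return [401, 'Bearer error="invalid_token", error_description="The access token expired"'];
        default:        return [401, 'Bearer error="invalid_token"'];
    }
}
// Constructed demo: one live token, one expired, one with a tampered payload.
$now   = 1700000000;
$live  = make_token(['sub' => 'alice', 'exp' => $now + 900]);
$stale = make_token(['sub' => 'alice', 'exp' => $now - 1]);
[$h, , $s] = explode('.', $stale);
$forged = "$h." . b64url(json_encode(['sub' => 'alice', 'exp' => $now + 900])) . ".$s";
foreach (['live' => $live, 'stale' => $stale, 'forged' => $forged, 'none' => null] as $name => $t) {
    [$status, $challenge] = api_auth($t === null ? null : "Bearer $t", $now);
    echo str_pad($name, 7), $status, ' ', $challenge ?? '-', "\n";
}
```

Run with `php` on the command line; the forged token reuses the expired token's signature with a later `exp` and is rejected as invalid rather than accepted or reported as expired.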