CAP-109 — Session lifecycle management¶
| Category | Authentication & security |
| Business goal | Not yet linked to a business goal |
| Satisfying module | MOD-068 |
| Mode | AUTO |
| BD owner | BD09 Technology |
| Human needed | No |
Issues short-lived access tokens on successful authentication and silently refreshes them in the background while the customer is active. Maintains a registry of active sessions per customer and revokes all sessions immediately on logout, password change, or a fraud signal. Idle sessions expire after a configurable inactivity timeout.