On my app, I am using Rodauth for a web-based authentication, but also for our mobile application using JWT & JWT refresh tokens.
So both active_sessions (for cookie-based web sessions) and jwt_refresh (for mobile API) are enabled.
This results in calls to the jwt-refresh endpoint getting a 401 / inactive_session response, which I dont think is the intended behaviour as JWT refresh token have their own deadline interval for expiration.
What would be the best way to deal with this setup?
I think the easiest way would be to only call `rodauth.check_active_session` if the request if `use_jwt?` returns true, but I am not sure on how to check this in the routes.
This should probably be documented somewhere, or maybe even handled in the active_sessions plugin as I dont think of a use-case with expiring sessions and JWT at the same time.
Thanks,