heroiclabs / nakama

Distributed server for social and realtime games and apps.

Home Page: https://heroiclabs.com

Auth token invalid even if it is valid

UmarBhatPlaystrom opened this issue · comments

We increased session_expiry_sec and session_refresh_expiry_sec to an enormous 90 and 180 days (!) in our server configuration. I use Session.Restore to restore the session from the player’s local storage (PlayerPrefs). If the session restores successfully, I don’t try to authenticate the user.

This is what I got yesterday:

image

But the problem is that my Auth and Refresh tokens are NOT expired, they are valid:

image

As far as I investigated, the issue is that when restarting the server, all active auth and refresh tokens become invalid.
Yes, instead of restoring the session from the device’s local storage I can just go through the authentication process one more time, but isn’t it wrong that restarting the server invalidates players’ sessions?
I see that I am not the only one who faced this issue, so I will also report this to your very own forum.

If you have any workaround or you’re planning to fix that in upcoming updates, please let me know. Thank you!

I believe the way around this is to link device authentication and then use that to authenticate as it requires no user input, however I've been trying to implement this in my app and have not been successful. I cannot seem to link the device at all.

commented

I had the same problems and fixed it with this -> #1107 (build nakama from source myself)

> I believe the way around this is to link device authentication and then use that to authenticate as it requires no user input, however I've been trying to implement this in my app and have not been successful. I cannot seem to link the device at all.

The way around is to store the device IDs of the Nakama account that you were logged in to, and when a server reboot happens, reauthorize using that stored device ID.
The issue here is that, depending on the authorization flow, there can be accounts with no device ID linked, just like Google and Facebook, or Google and Apple, etc., so this wouldn't work for me.

There is a 100% way around, but it looks like a bicycle)))

I'm pretty sure the LinkDevice authentication method means that you can link multiple devices to an originally Google account for example, just authenticate with device on startup and then link the google account on login. This then lets you authenticate without Google flow and no user input on all these devices.

> > I believe the way around this is to link device authentication and then use that to authenticate as it requires no user input, however I've been trying to implement this in my app and have not been successful. I cannot seem to link the device at all.
>
> The way around is to store device-ids of nakama account that you were logged in to and when server reboot happens, reauthorize using that stored device id
>
> The issue here is depending on authorization flow there can be accounts with no device id linked, just like google and facebook, or google and apple, etc., so this wouldn't work for me.
>
> There is a 100% way around, but it looks like a bicycle)))

Token issue described here is handled in Nakama v3.18.0. 🙇
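
The fallback discussed in this thread, written against the Nakama .NET/Unity client as an added example (not code from the issue or from Heroic Labs): a restored session is confirmed with the server before it is trusted, and a 401 falls back to a previously linked device ID. The class name and PlayerPrefs key names are assumptions.

```csharp
using System;
using System.Threading.Tasks;
using Nakama;
using UnityEngine;

public static class SessionBootstrap
{
    // Hypothetical PlayerPrefs keys, chosen for this example.
    const string AuthKey = "nakama.authToken";
    const string RefreshKey = "nakama.refreshToken";
    const string DeviceKey = "nakama.deviceId";

    // Returns a server-accepted session, or null when an interactive login is required.
    public static async Task<ISession> ConnectAsync(IClient client)
    {
        string auth = PlayerPrefs.GetString(AuthKey, "");
        string refresh = PlayerPrefs.GetString(RefreshKey, "");
        if (!string.IsNullOrEmpty(auth)) {
            ISession restored = Session.Restore(auth, refresh);
            try {
                // IsExpired only reads the expiry inside the token; the server has the final say.
                if (restored.IsExpired) restored = await client.SessionRefreshAsync(restored);
                await client.GetAccountAsync(restored); // authenticated call as the server-side check
                return Save(restored);
            } catch (ApiResponseException e) when (e.StatusCode == 401) {
                // Rejected although locally unexpired (the case reported above): fall through.
            }
        }
        string deviceId = PlayerPrefs.GetString(DeviceKey, "");
        if (string.IsNullOrEmpty(deviceId)) return null; // no device linked to this account
        try {
            // create: false so an unlinked ID fails instead of creating an empty account.
            return Save(await client.AuthenticateDeviceAsync(deviceId, null, false));
        } catch (ApiResponseException) { return null; }
    }

    // Call once after an interactive login (Google, Facebook, ...) to enable the fallback.
    public static async Task LinkThisDeviceAsync(IClient client, ISession session)
    {
        string deviceId = Guid.NewGuid().ToString();
        await client.LinkDeviceAsync(session, deviceId);
        PlayerPrefs.SetString(DeviceKey, deviceId);
        Save(session);
    }

    static ISession Save(ISession s)
    {
        PlayerPrefs.SetString(AuthKey, s.AuthToken);
        PlayerPrefs.SetString(RefreshKey, s.RefreshToken);
        return s;
    }
}
```

The stored device ID is sufficient on its own to authenticate as the account, so it deserves the same protection as the refresh token; PlayerPrefs is not encrypted storage.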