how to maintain and timeout individual session keys in a rest api?

<p>hi, iam attempting to use a session key with a rest api iam building. when the user creates a session via an api call. a session key is created and returned to them. iam using it to identify a particular user and its passed back to the api whenever the user calls the api to get data or post something. i have this in a seprate &#34;sessions&#34; table in the DB and iam just wondering how id time them out say after 20 mins if i had a bunch of sessions for different users created at different times. alos is there some Library i should be using rather than implementing this functionality? thanks</p> <hr/>**评论：**<br/><br/>meepcanon: <pre><p>One way could be on request check the database “session_expiry” - if it’s passed then expire the token and redirect. </p></pre>eoin_ahern: <pre><blockquote> <p>yeah it seems like it would be one solution. iam just wondering is this the best way as there would be a lot of overhead to constantly be checking through each logged in user. like depending how often iam checking this table and if i have thousands of logged in users.</p> </blockquote></pre>Redundancy_: <pre><p>If you&#39;re using it as a mechanism for identity, have you considered JWT? There are libraries for that, and it&#39;s a known standard that you can find advice about, plus expiry is built in to most implementations.</p> <p>There might be reasons not to - such as you&#39;re storing very mutable information in your sessions, or large data, but you could still build identity on that standard.</p></pre>eoin_ahern: <pre><p>cool. thanks for the tip ill check it out</p></pre>metamatic: <pre><p>Include the creation time in the session key and check before accepting one. Issue new keys periodically.</p></pre>kanishkatn: <pre><p>Create a background job and write your logic to do the timeout. This library might help <a href="https://github.com/onatm/clockwerk" rel="nofollow">https://github.com/onatm/clockwerk</a></p></pre>