Security

Authentication

How Sensorclouds handles user login and session management

Sensorclouds uses JWT-based authentication with secure httpOnly cookies.

Login Page

Authenticate with email + password
"Remember me" option controls token storage (localStorage vs sessionStorage)
Tokens are stored as httpOnly cookies (secure, sameSite: strict)

Token Details

Token	Expiry	Purpose
Access Token	Short-lived	Authorizes API requests
Refresh Token	Longer-lived	Obtains new access tokens

Token Management

Primary method: httpOnly cookies — automatically included in all requests
Fallback: Bearer token header — for API clients and integrations
Automatic refresh: When the access token expires, the refresh token is used to obtain a new one seamlessly
Token rotation: Each refresh generates a new refresh token, invalidating the previous one

Logout

When you log out:

Access and refresh token cookies are cleared
The refresh token is revoked on the server
You are redirected to the login page

Role-Based Redirects

After login, you are redirected based on your role:

Role	Redirect URL
Admin	`/tenant-admin/home`
Engineer	`/tenant-admin/home`
Crew / User	`/crew/home`

Roles & Permissions

Detailed breakdown of what each role can access and do

Password Policies

Password requirements and account lockout configuration

On this page

Login Token Details Token Management Logout Role-Based Redirects