It's just a way of doing token expiration. One solution to this is to have a button on the user's page to retract all tokens for a user after changing the password.
Posts made by nhanlon
RE: XOA shows hundreds of client connections
tcpdump it? Or check netstat while it's running and see what it is.
What is that UI? Who honestly knows what it's counting as a 'connection'. I seriously doubt it's individual flows. More than likely, this is related to websockets (in my opinion).
But again... a pcap would help in diagnosing.