Concerns about a typical JWT setup

From my understanding, the current standard when using JWTs for user sessions is to have a short-lived (expires after maybe 15 minutes) access token and a long-lived refresh token (expires after 24+ hours) which can be used to obtain more access tokens.

There seems to be a handful of reasons for this, the main ones being:

  • To decrease server load regarding authentication and session management.
  • To prevent an attacker from having long term access if they somehow obtain an access token.
  • To prevent new access tokens by revoking refresh tokens.

My concerns are:

  • Why do people think 15 minutes is short enough to prevent an attacker from doing whatever they want? A lot of damage can be done in 15 minutes.
  • If an attacker can obtain an access token, then they can most likely obtain a refresh token as well. This would allow them to obtain as many access tokens as they need (until someone figures out that the refresh token has been compromised).

Am I missing something here? Or are JWTs not really meant for security? Are they really only meant to decrease server load?

Do Kellid barbarians from Numeria have a typical / trademark weapon?

I am going to play the Iron Gods Adventure Path soon and I am rolling a Kellid tribesman.

I’d like to be as faithful to the existing lore as possible, using some traditional weapon, but I have no idea where to find a list of those without finding spoilers for the adventure.

My research:

I have been told that Numerian -hunters- use spears, shortspears, javelins or thrown clubs. There’s a regional trait that improves these four weapons (all belonging to the thrown and tribal group, but notably not including thrown axes or daggers).

While playing the Pathfinder: Kingmaker videogame, I have seen people from the Tiger Lords tribe use greatswords.

Of course I expect a large number of NPCs of that ethnicity in Iron Gods and in the Kingmaker AP, which I should refrain from reading even if I had the chance.

What does a typical goliath look like?

After reading this question, it seems that there’s very little to go on from D&D 5e regarding what a goliath typically looks like. We have an image, but that’s just an example of one individual goliath.

Since there’s so little to go on in 5e, do older editions of D&D go into more detail about what the typical goliath looks like (in relation to skin, hair, eyes, etc)?

I’m led to believe they are related to stone giants (although I plan on asking about this in another question, so answers to this question should just be limited to physical descriptions), and therefore they do not have any hair at all, like stone giants. Is this true?

Should typical e-commerce data need to be separated by countries?

Should a typical e-commerce app's data need to be separated by countries and cities if the data can increase drastically in the near future? What are the possible solutions for internationalization without duplicating the projects but separating the databases? My question is in general, however it would be nice to hear solutions in MongoDB.

How much damage can a ranger deal in a typical combat encounter?

I want to know the damage (as well as how such a thing would be worked out – show your working please – I want to learn how to do this by myself for the future, since I’m also interested in Tiers 3 and 4) that a ranger, well optimised for a DPR party role, can deal in a typical combat encounter (meaning, one that lasts the average number of rounds that combat tends to last in D&D; according to this, that means five rounds). I’m interested in Tier 2 levels (specifically between levels 7 to 10).

The restrictions:

  • Assume standard array stats, but assume the race to be Wood Elf for that +2 DEX and +1 WIS (or a similar race well suited to this role; I’m just suggesting Wood Elf because that’s what I’d choose, I’m not married to it).
  • No spells; let’s assume this ranger used up all their spell slots healing up after the previous encounter.
  • No multiclassing; this must be a ranger and nothing else.
  • No magic items or buffs from others; I want this damage to be derived from the ranger’s own class features and feats, etc, rather than magic items or other party members’ spells.
  • You can assume every attack hits, but I’m not interested in critical hits; we’re lucky, but not that lucky.
  • You can also assume that, if using a ranged weapon, that we have more than enough ammo for this encounter.
  • Let’s assume there’s, say, a raging grapple-based barbarian who’s soaking up the enemy’s aggro and keeping the enemy pinned so that the ranger can ignore defense and focus solely on DPR.

I was originally going to ask for a Gloom Stalker Ranger, because it’s popularly considered one of the strongest ranger archetypes, but then realised that some of its features aren’t relevant, such as being invisible in darkness, if we’re assuming that every attack hits and they don’t need to worry about defense, so I’m leaving the archetype open for answerers to decide.

Can you wield a typical shield and Aegis of the Raven Queen at the same time?

I know that you can only hold one shield at a time but the description of the Aegis of the Raven says that its plus magic bonus to AC stacks up with the current pluses from a shield that is currently used. This description about bonuses does not make sense if you can’t wield both shields at the same time.

Here is the description: While holding this shield, you have a +3 bonus to AC. This bonus is in addition to the shield’s normal bonus to AC.

Have PCs Historically Played Through More Campaigns Than is Currently Typical?

I’m relatively new to D&D, only having tabletop experience with 5e and a bit of 3.5, along with some scattered exposure to earlier editions through video games.

I’ve heard references to characters adventuring through multiple campaigns, sometimes a large number of them. But as I look through the published campaigns for 5e I see a lot of suggested level references which suggest that a character might properly fit up to two adventures. For example, the introduction to Descent into Avernus expects PCs to start at level 1 and be at least level 13 by the end.

Of course different editions have very different properties that touch on this– 3.5 had a lot of postgame content published specifically to take characters beyond the “maximum” level (whether they were good mechanics or not), while 5e doesn’t (as far as I’m aware). And published adventures are hardly the core of all D&D games played across all tables. But the basic 5e approach, and the adventures published for it, suggests to me that a PC might only see 2-3 non-oneshot adventures at most.

It’s not a problem (there are any number of ways to fiddle with adventure length and character progression) but I’m curious about whether or not the game has changed in this respect.

Has D&D always had this structure of relatively few adventures/campaigns per character (as either a game design element or by popular play style), or did a transition take place at some point? If there was a transition, when did it take place and what was the motivation?

(A valid answer can also be that I’m using terms like adventure and campaign imprecisely)

What does a typical, healthy Google Search Console history look like?

The following is a snapshot of my website’s Google Search Console history in the past 6 months. Unfortunately, I don’t have any reference to understand whether this looks bad, healthy/typical, or even great. Based on your experience working with different sites, would you say this is bad, typical, or great progress?

Is the typical memory used when working in a Windows environment a good indication of the memory needed for a new computer?

Let's suppose I want to buy a new computer. My reasoning for the amount of RAM is the following.

Is it correct?

I look, in a Windows environment, at how much memory I use when a large number of the applications that I typically use are simultaneously active. This gives me the memory that I need for the next computer.

Not more is needed.