The session will be rejected by the token auth though because it is expired, but the object is not evicted because there is a difference between expiry and deletion.
With “by the token auth” do you mean it will be auto rejected if the following is implemented?
Meaning that if I set an “expires” epoch on the session object and then it via TykSetKeyData(authHash, JSON.stringify(session)); … on the next request following that “expires” being reached (using “auth tokens” per what you noted below) Tyk will return what exactly, on a call to session = JSON.parse(TykGetKeyData(authHash)).
Will session.status == "error"?
Also what does this mean in the logs when I call TykSetKeyData(authHash, JSON.stringify(session));
2017-07-26T14:14:36.171578836Z time="Jul 26 14:14:36" level=warning msg="Incorrect key expiry setting detected, correcting"