I read the following paragraph in this answer:
- If the series identifier is present and the hash of the token matches the hash for that series identifier, the user is considered authenticated. A new token is generated, a new hash for the token is stored over the old record, and a new login cookie is issued to the user (it's okay to re-use the series identifier).
Please focus on this part:
A new token is generated
Well, why should I generate a new token (and update it in the database)? Actually, I don't understand why I should change the cookie's value when the user is considered authenticated.
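The rotation step from the quoted paragraph, as an added example that is not part of the original post or the linked answer: a minimal in-memory sketch showing that once the token is rotated, an older copy of the cookie no longer validates. The function names, the `series:token` cookie layout, and the revoke-on-mismatch branch are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets

# In-memory stand-in for the database table: series identifier -> SHA-256 of the current token.
_store = {}

def _hash(token):
    return hashlib.sha256(token.encode()).hexdigest()

def issue_cookie(series=None):
    """Create a login cookie, or rotate the token of an existing series.
    Only the hash of the token is stored server-side."""
    series = series or secrets.token_urlsafe(16)
    token = secrets.token_urlsafe(32)
    _store[series] = _hash(token)          # overwrites the old record for this series
    return f"{series}:{token}"

def login_with_cookie(cookie):
    """Return (authenticated, new_cookie). A successful login rotates the token."""
    series, _, token = cookie.partition(":")
    stored = _store.get(series)
    if stored is None:
        return False, None                 # unknown series identifier
    if not hmac.compare_digest(stored, _hash(token)):
        # Assumption (not stated in the quoted paragraph): a known series presented
        # with a stale token may be a copied cookie, so the whole series is revoked.
        del _store[series]
        return False, None
    # Series identifier is re-used; a fresh token replaces the old one.
    return True, issue_cookie(series)

def demo():
    """Constructed scenario: the same cookie value is held in two places."""
    first = issue_cookie()
    copied = first                          # second copy of the original cookie value
    ok_owner, rotated = login_with_cookie(first)
    ok_copy, _ = login_with_cookie(copied)  # stale after the rotation above
    ok_after, _ = login_with_cookie(rotated)  # series was revoked by the mismatch
    return ok_owner, ok_copy, ok_after

if __name__ == "__main__":
    print(demo())
```

Without the rotation, `copied` would stay valid for as long as the record exists, and the server would have no signal that two parties hold the same cookie.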