I'm using the Google API on my site. When the user grants authorization to use his account, Google returns two tokens to me: a token that I use as a "password" to post on behalf of the user, which expires in 1 hour, and a second, fixed token that I use to update the first one.
I keep the two in the database. My question is: what should I do? Should I save the first token in cookies, so that whenever the user accesses the site I take it and make an inquiry to see if it has expired? And if I save to the database only, how will I know the user logged in?