As per the documentation, one must use session keep-alive to keep the session active. So we do that 5 minutes before the expiry.
In parallel, the Oauth token's validity is also an hour and we do a refresh of the oauth token 5 minutes before the expiry. Whenever we refresh oauth token, and we call session keep alive it fails with status code 400, until we create a new session.
Does it mean that whenever you refresh a oauth token, we also need to create a new session? Or those two are unrelated.
Another question is whenever we create a new session, the comet notification api sends a disconnect message for the previous session, which we are not sure how to act upon. What is the correct sequence of call to keep the session going for longer duration.
Just verified that the Oauth token and Session/IM token are not related and you don't have to create a new session when oauth tokens are refreshed. Just keep alive will work. It was just that there was a bug in the keep alive code which was causing the 400 error.