The API documentation indicates that the session token will eventually expire, but this does not appear to be happening for me. Why not?
The session token doesn’t change, but it could expire eventually. The token is based on your user credentials and your IP address, so if you don’t change those it will always be the same token. The reason you’re not seeing it expire is because we’re using a Least-recently-used expiration policy on those tokens.
Basically, if you keep using it consistently, it won’t expire unless a lot of other tokens have been used more recently than yours. If you use it consistently, you may never see it expire. It’s still a good practice to run userauth/login before a batch of operations and/or be responsive to an authentication exception, so you can login again if/when you need to.