Most apps think login is simple: Generate a JWT and you’re done.
That’s where things go wrong. JWT tokens are meant to be short-lived (2–4 hours for security reasons)
So if you rely only on JWT:
→ Users keep getting logged out
Sachin G Kulkarni
That’s what I told a founder who came to me with an AI-generated website.
He wanted 5–6 small issues fixed. But the real problem wasn’t the issues.
The site had no branding, no structure, and didn’t even work well on mobile. Fixing it wouldn’t change anything for his business. I explained the same to him
That’s when he paused… and decided to rebuild everything.
A client once asked for a small update: “Just add three extra fields on this screen.”
Sounds easy. But that one change meant:
- Updating database structure
- Modifying APIs
- Adjusting validations
- Changing reports
- Handling existing data
What looked like a 10-minute UI tweak turned into a full system-wide update. And this happens all the time.
Because in software, nothing lives in isolation.Every small change has ripple effects. The problem isn’t the request. It’s the assumption that it’s “simple.”
Six months ago, a client was ready to pay me ₹1 lakh to start building an education portal.
I told him to pause. Because the core of his product depended on a third-party provider.
Instead of starting development, I asked him to sit with me and document everything:
- What he expects
- What the third-party actually provides
- What’s missing
The gap was huge.There were critical pieces the third-party didn’t support yet.
A few months ago, many companies rushed to replace developers with AI.
It looked promising.Faster output. Lower cost. Less dependency. But reality kicked in. AI-generated code started:
- Breaking existing features
- Lacking consistency
- Creating more maintenance overhead
And slowly, silently… companies started hiring developers back into the same roles.
Here’s the truth: AI can help you accelerate development.But it cannot take full ownership of a production system.
A few months ago, a person approached me to build an education platform like PhysicsWallah.
I asked simple questions:
- How many batches you currently have ?
- How many students per batch?
They avoided giving clear numbers. And that was the problem.
Because you can’t design the right system without understanding the current scale.
A friend wanted to build a simple e-commerce site. He comes from business background.
He approached a few developers.
- One suggested Shopify with a detailed plan
- One proposed a .NET-based custom solution
- Another said they’d build it in Flutter
Three options. Three directions. He got confused.
But the real problem wasn’t the developers. It was this: He never defined what he actually wanted.
I’ve seen this happen too often.
A client shares a brief idea.The developer replies with a price on WhatsApp.
There will be No requirement document , No scope clarity, No defined deliverables.But sill the project starts.
Everything looks fine… until midway. That’s when things begin to surface: “This feature wasn’t discussed” , “This will cost extra” , “This is out of scope”
Most SaaS products get authentication almost right.
They use JWTs. That’s correct implementation, but either:
- Tokens expire too quickly, so users get logged out constantly
- Or they last too long, creating security risks
What’s usually missing? A proper refresh token implementation.
In a recent audit, I spotted this exact issue.The JWT token was set to expire after 6 hours, with no refresh token mechanism in place.
My client said, “Let users explore first.”
I didn’t agree. “If users skip setup, they won’t reach the wow moment.” That was my point in the meeting
Instead of just pushing back, I showed them:I signed up on competitor products and walked them through how onboarding is done right.
That’s when it clicked. After 30 mins of discussion he understood the importance of onboarding flow.