If a token is issued with a 20-minute expiration time, it remains valid until it expires, regardless of whether a new token is issued afterward.

So:

• Token A is issued at 14:00 → expires at 14:20.
• Token B is issued at 14:05 → expires at 14:25.

Token A is still valid until 14:20, even though Token B was generated later.

Exceptions:

Some systems revoke old tokens when a new one is issued. This depends on the implementation:

• Stateless tokens (e.g., JWT): Typically not revoked unless explicitly blacklisted or the signing key is rotated.
• Stateful tokens (e.g., stored in a DB): The server might mark previous tokens as invalid upon issuing a new one.

To summarize:

Yes, the first token is still valid unless your system has explicit revocation logic