You can check out this blog that walks through how to implement this functionality.
Here are a couple of things I can think off that might be causing some issues.
Then there is this in the runtime config options:
Determines how many minutes your token will remain valid before re-authenticating using your full credentials.
This setting defaults to -1, which is equal to no timeout.
I reckon the token is obviously a cookie, but as stated in the stackoverflow post Cordova / phonegap doesn't handle cookie storage well unless it is done in a specific way. Now I don't know how Mendix natively stores their cookies for this token. So maybe an insider of the Mendix R&D/Development can shed some light on that.
what version of Mendix are you running? There was an issue with tokens for online hybrid apps which will be solved in 7.16.0.
It might be you're running into that issue.