I am using JsonWebToken to authenticate users. When a user logs in, I create a token for the user. Then, when the user updates their information, I create a new token for the user. How can I invalidate the previous token? E.g., change the expiry date to now, or something else...
1 Answer
0
To invalidate the previous token, you might want to use a database or a datastore like Redis, which can contain blacklisted tokens. Each request's JWT can then be checked against this and validated.

GPX
- This is not a good idea, because we use a token instead of a session ID to avoid using Redis. – Vo Thanh Thang Nov 04 '15 at 13:22
- Can you also sign the JWT with a hash of the user information, then? – GPX Nov 04 '15 at 15:13
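
The approach raised in the last comment (tie the signature to the user's current data so that an update invalidates every older token), sketched as an added example that is not code from the thread or from the jsonwebtoken library. It uses Node's built-in `crypto` to build HS256 tokens by hand; `SERVER_SECRET`, the `users` map, the bound fields and all function names are assumptions made for illustration. Verification still reads the user record on each request, but no per-token state is stored.

```javascript
// Added example: HS256 token whose key is derived from the user's current record.
const nodeCrypto = require("node:crypto");

const SERVER_SECRET = "constructed-demo-secret"; // assumption: from a secret store in practice
// Constructed stand-in for the user table (hypothetical fields).
const users = new Map([["42", { email: "a@example.test", passwordHash: "h1" }]]);

const b64u = (s) => Buffer.from(s).toString("base64url");
const mac = (key, data) => nodeCrypto.createHmac("sha256", key).update(data).digest();

// Per-user key: HMAC(server secret, bound fields). Editing a bound field rotates the key.
function userKey(user) {
  return mac(SERVER_SECRET, JSON.stringify([user.email, user.passwordHash]));
}

function sign(userId, ttlSeconds, now = Math.floor(Date.now() / 1000)) {
  const user = users.get(userId);
  if (!user) throw new Error("unknown user");
  const head = b64u(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64u(JSON.stringify({ sub: userId, iat: now, exp: now + ttlSeconds }));
  return `${head}.${body}.${mac(userKey(user), `${head}.${body}`).toString("base64url")}`;
}

// Returns the claims, or null if the token is malformed, forged, stale or expired.
function verify(token, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(head, "base64url").toString());
    claims = JSON.parse(Buffer.from(body, "base64url").toString());
  } catch {
    return null;
  }
  // Pin the algorithm; "sub" only selects which key to try and is untrusted until the MAC matches.
  if (header?.alg !== "HS256" || typeof claims?.sub !== "string") return null;
  const user = users.get(claims.sub);
  if (!user) return null;
  const expected = mac(userKey(user), `${head}.${body}`);
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected)) return null;
  if (typeof claims.exp !== "number" || claims.exp <= now) return null;
  return claims;
}
```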