Django rest framework json web token logout function

Question

First of all, i am still new to django rest framework jwt so pls excuse my stupidity if im wrong.

Im wondering about how to create a logout function for jwt as when user want to logout and switch account, they will need this function.

Based on the what i seen in many other logout post, - there is no need for logout function as the token isnt save on server side so closing and opening will result in having to login again. - jwt is using expire time for it so it will logout when the token has been expire , provided if the verify token is set to True

But what i want is to have like a remember me function where user will stay login when they close and open again, as one of the suggestion is turn the verify token to false or set expire time to weeks. But then how does the user logout if the token expire time hasnt reach yet ?

As i am using jwt and djoser, the logout function of djoser is for drf only and not for jwt. Since i am also using the api for mobile devices, so the user will stay login whenever they open the app (provided they did the first login) like facebook and many other apps.

Please give me guidance on this. Thank you

Hello and welcome to StackOverflow. Please take some time to read the help page, especially the sections named ["What topics can I ask about here?"](http://stackoverflow.com/help/on-topic) and ["What types of questions should I avoid asking?"](http://stackoverflow.com/help/dont-ask). And more importantly, please read [the Stack Overflow question checklist](http://meta.stackexchange.com/q/156810/204922). You might also want to learn about [Minimal, Complete, and Verifiable Examples](http://stackoverflow.com/help/mcve). — Sudheesh Singanamalla, Nov 06 '17 at 04:05

score 3 · Accepted Answer · answered Nov 06 '17 at 04:18

3

Ideally, you should be using JWT in a stateless manner, which means the there is no session(The JWT token has an expiration time and will be invalid after that time, clients need to implement some mechanism to re-authenticate or extend the token). Given that, you don't need a log out at all.

answered Nov 06 '17 at 04:18

codeadict

2,643
1
15
11

1

what if user wants to logout to login to another account ? for eg: on phone/mobile devices – Jin Nii Sama Nov 06 '17 at 05:07
@JinNiiSama Then the client side application should discard the JWT (logout) and request a new JWT for the other account through login. – A. J. Parr Nov 06 '17 at 05:37
1

Yep what @ARJMP said – codeadict Nov 06 '17 at 17:24

Django rest framework json web token logout function

1 Answers1