Deleting a JWT when it's not in use?

Question

I am new to the full stack world, so I hope that my question is not too basic..

I have a JWT tokens that saved in MongoDB, as a field in the user document.

Let's take scenario when the user deletes his browsing data and the JWT in his side is deleted and won't be in use anymore.

How can I delete the token from Mongo after a period of time without usage? In order to avoid tons of unnecessary tokens in the DB and security problems..

If it matters, I write my backend with NodeJS.

For what purpose do you save the token (assuming you're talking about access tokens here)? — jps, May 24 '18 at 19:28

score 0 · Answer 1 · answered May 24 '18 at 19:22

0

You can use node-schedule to run a function every certain period of time.

var schedule = require('node-schedule');

var j = schedule.scheduleJob(`* 15 * * * *`, function () {
   /* execute some function like deleteTokens() ... */
});

answered May 24 '18 at 19:22

Tom

118
1
12

Deleting a JWT when it's not in use?

1 Answers1