Invalidate JWT Token on Logout


#1

Hey All,

Does anyone have an example which invalidates a JWT token on user logout? We’ve seen a slow AJAX call allow a browser to reacquire cookies after logout has occurred.


#2

Hi,

If you use a stateful JWT approach, then you can delete the token from your backing store on logout. Otherwise you cannot invalidate stateless tokens.

Best regards,
Christian
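
One way to implement the stateful approach from the reply above, as an added example that is not part of the original thread or of any framework's own code: each token carries a `jti` that must still be present in a server-side store, so a token a browser gets back from a slow in-flight request after logout is still rejected. The function names and the in-memory `ACTIVE_JTI` set (standing in for a database or cache) are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = secrets.token_bytes(32)   # constructed signing key for the demo
ACTIVE_JTI = set()                 # stand-in for the backing store (DB, cache, ...)

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> str:
    return _b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def issue(user: str, ttl: int = 900) -> str:
    """Issue an HS256 JWT and record its jti in the store."""
    jti = secrets.token_urlsafe(16)
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = _b64(json.dumps(
        {"sub": user, "jti": jti, "exp": int(time.time()) + ttl}).encode())
    ACTIVE_JTI.add(jti)
    return f"{header}.{claims}.{_sign(header + '.' + claims)}"

def verify(token: str):
    """Return the claims, or None if the token is forged, expired or logged out."""
    try:
        header, claims, sig = token.split(".")
        # Check the signature first, in constant time, before trusting any field.
        if not hmac.compare_digest(sig, _sign(f"{header}.{claims}")):
            return None
        if json.loads(_unb64(header)).get("alg") != "HS256":
            return None
        data = json.loads(_unb64(claims))
    except (ValueError, TypeError):
        return None
    # The store lookup is what makes logout effective before "exp" is reached.
    if data.get("exp", 0) <= time.time() or data.get("jti") not in ACTIVE_JTI:
        return None
    return data

def logout(token: str) -> bool:
    """Delete the token's jti from the store; True if a session was ended."""
    data = verify(token)
    if data is None:
        return False
    ACTIVE_JTI.discard(data["jti"])
    return True
```

Every request must go through `verify`, including requests that were already in flight when logout happened; the cost is one store lookup per request.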