Invalidate JWT Token on Logout


Hey All,

Does anyone have an example which invalidates a JWT token on user logout? We’ve seen a slow AJAX call allow a browser to reacquire cookies after logout has occurred.



if you use a stateful JWT approach, then you can delete the token from your backing store on logout. Otherwise you cannot invalidate stateless tokens.

Best regards,