Hi, just wondering how Auth0 handles logouts, does it invalidate the token or just remove the cookie?
JWT access tokens are stateless and are not invalidated upon logout (we recommend short lifetimes). Session cookies are terminated.
Here’s more info:
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.