Hi, just wondering how Auth0 handles logouts, does it invalidate the token or just remove the cookie?
JWT access tokens are stateless and are not invalidated upon logout (we recommend short lifetimes). Session cookies are terminated.
Here’s more info: