I create a JWT token when a user logs in and store it in local storage. I specified the expiration time for the session using jwt.sign. When the expiration time comes, the session is closed by token expiration, so I remove it from local storage as well. If the user clicks logout before the expiration time, how do I kill the active token?
Assuming the token was not leaked, then only the client application has knowledge of the token, which would mean removing it from storage could be enough, because now no one has knowledge of the token. If you're worried about the possibility of someone else having access to the token, then that's a different problem altogether, as you would likely need a way to revoke/blacklist the token and also detect malicious usage (the revoke functionality could then also be used at logout as an extra precaution).