For refresh token, or destory how about re issue token?? #390
Comments
|
With tokens, to login, you basically ask the server to create a token, and then you store it on the client. If the token is self-contained (as JWTs; the information about the token is stored inside the token), then you simply stop storing it on the client, and it has been deleted. If the token is not self-contained (the information about the token is stored on the server), then you need to tell the server to delete the token for you when the user logs out. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi, I'm David
I read almost discussion about refresh token. It feel it has some problem.
At now, I have a some question of re-issue token.
Also, I got a principle the issued token do not destory.
If the situation is about log-out, sign out or prolong expire day, etc.., then how about re issue of token from web server? Just re-issue
Because I heard JWT does not have token-store. And issued token dose not destory. I think just the token will re-issue for log-in/out and just issued token string remove for drop out.
Is it having a some problem???
The text was updated successfully, but these errors were encountered: