Closed chris-t-li closed 1 year ago
this must mean that some expired tokens arent being deleted. I believe there is a background task is being ran everyday at 4:30am
Maybe is here, in models/blacklisted_token.rb
Should it be "destroy_all" instead of "delete_all"? .
class BlacklistedToken < ApplicationRecord
belongs_to :user
def self.delete_expired_tokens
self.where("expires_at < ?", Time.current).delete_all
end
end
will check it out
Currently, on user logout, a BlacklistedToken is created so that subsequence use of the token will be rejected by authentication.
However, there is no cleanup process that destroys expired tokens.
Need to create a background task that will run [daily] that will destroy expired tokens