NickA02 / SOTestingEnv

This project aims to create a web-based coding platform specifically tailored for Science Olympiad programming events.

JWT not expiring during database modification at runtime #36

Closed id-mustafa closed 4 days ago

id-mustafa commented 2 weeks ago

Edge Case:

Mustafa and Nick found a bug. If the server gets updated (let's say deleting a team) while the application is running, then the auth token still has access to the deleted team, making the frontend think that the team still exists when it doesn't. We need a way to say that if the team id no longer exists in the database, then the token should be invalidated and a redirection back to login should occur.

ItIsAndrewL commented 4 days ago

Running the reset_database script is a development-only concern, and in production, if this is the case, it will be covered by having the JWT expire after a certain amount of time.
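
The two controls discussed in this thread, side by side, as an added example (not code from the SOTestingEnv repository): every request re-verifies the token's signature and `exp`, then confirms that the team named in `sub` still exists. The HS256 scheme, the `sub`/`exp` claim layout, the in-memory `TEAMS` table and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # assumption: HS256 with a server-side secret
TEAMS = {1: "Team A", 2: "Team B"}   # constructed stand-in for the teams table

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(header, payload):
    return hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()

def issue_token(team_id, ttl, now=None):
    now = time.time() if now is None else now
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64(json.dumps({"sub": str(team_id), "exp": int(now + ttl)}).encode())
    return f"{header}.{payload}.{_b64(_sign(header, payload))}"

def authenticate(token, now=None):
    """Return (HTTP status, detail). Any 401 means: drop the token, go to login."""
    now = time.time() if now is None else now
    try:
        header, payload, sig = token.split(".")
        if not hmac.compare_digest(_sign(header, payload), _unb64(sig)):
            return 401, "bad signature"
        if json.loads(_unb64(header)).get("alg") != "HS256":
            return 401, "unexpected alg"
        claims = json.loads(_unb64(payload))
        team_id, exp = int(claims["sub"]), int(claims["exp"])
    except (ValueError, KeyError, TypeError, AttributeError):
        return 401, "malformed token"
    if now >= exp:               # the expiry control from the closing comment
        return 401, "token expired"
    if team_id not in TEAMS:     # the existence check requested in the issue
        return 401, "team no longer exists"
    return 200, TEAMS[team_id]
```

With expiry alone, a token for a deleted team stays usable until `exp`; the per-request lookup closes that window at the cost of one database read per request.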