jpadilla / django-rest-framework-jwt

JSON Web Token Authentication support for Django REST Framework
http://jpadilla.github.io/django-rest-framework-jwt/
MIT License

Explain better in documentation the Logout Strategy #411

Open LucasAmorimSilva opened 6 years ago

LucasAmorimSilva commented 6 years ago

Initially, I thought the JWT token needed to be deleted (I didn't understand the concept of Stateless yet), so my logout solution was to delete the token after X minutes. Many people think this way.

Now, I think the best solution is to set:

```python
import datetime

# Tokens expire 15 minutes after they are issued
JWT_AUTH = {
    'JWT_EXPIRATION_DELTA': datetime.timedelta(seconds=15 * 60),
}
```

With it, I can set a good timeout and, if the front receives a 401, it must go to the logout page. I think this strategy is not clear in the docs.
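The expiry-based strategy from the post above, as an added example that is not part of the original issue and not django-rest-framework-jwt's own code: a standard-library HS256 token stands in for the library to show that the server keeps no session state and answers 401 purely from the `exp` claim. The names `SECRET`, `issue_token` and `authenticate` are hypothetical, and the clock values are constructed.

```python
import base64
import hashlib
import hmac
import json
from datetime import datetime, timedelta, timezone

SECRET = b"constructed-demo-secret"                # constructed value, not a real key
JWT_EXPIRATION_DELTA = timedelta(seconds=15 * 60)  # same 15 minutes as in the post


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(username: str, now: datetime) -> str:
    """Sign an HS256 token whose exp claim is now + JWT_EXPIRATION_DELTA."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"username": username, "exp": int((now + JWT_EXPIRATION_DELTA).timestamp())}
    payload = _b64(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64(sig)}"


def authenticate(token: str, now: datetime) -> int:
    """Return the HTTP status a protected view would answer with: 200 or 401."""
    try:
        header, payload, sig = token.split(".")
        expected = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):
            return 401  # tampered, or signed with another key
        claims = json.loads(_unb64(payload))
        if now.timestamp() >= claims["exp"]:
            return 401  # expired: the client sends the user back to log in
    except (ValueError, KeyError, TypeError):
        return 401      # malformed token
    return 200          # no server-side lookup happened: validity is signature + exp only


if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)   # constructed clock
    token = issue_token("alice", t0)
    print(authenticate(token, t0 + timedelta(minutes=14)))  # inside the window
    print(authenticate(token, t0 + timedelta(minutes=16)))  # past exp
```

Because nothing is stored server-side, a client that discards its token on logout does not invalidate it: any copy stays accepted until `exp`, which is why the expiration delta is the control that bounds the exposure.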