Closed haidnvnn18 closed 8 years ago
There's no way to delete it on the server unless you're storing it on the server. I think the typical way to 'destroy' a jwt so that it may not be reused is to blacklist it in your db.

On Jun 22, 2016 4:42 AM, "haidnvnn18" notifications@github.com wrote:
How can I destroy current jwt on server when user logout?
View it on GitHub: https://github.com/themikenicholson/passport-jwt/issues/64
Ah ok, I see. And only one more small question. I think a JWT token will not be generated with the same value, is that true?
Eg:
Does any case of this problem occur?
Regarding different values of JWT: The value of the JWT is determined by its contents and the keys used to sign the JWT. If the contents and signing keys are identical each time the JWT is created then the JWT value should not change. If the JWT includes any different, unique content (i.e. a timestamp) then it will have a different value each time the JWT is issued.
With regard to destroying a JWT - JWTs often expire, or you can include some unique data, i.e. a session ID that can be verified in the database.
Closing, feel free to reopen if you have further questions.
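The two points made in this thread, as an added example that is not part of the original discussion and is not passport-jwt's code: identical contents and key give an identical token, and a unique ID plus an expiry makes server-side revocation on logout possible. It assumes HS256 hand-rolled with Node's built-in crypto to stay self-contained; the function names are hypothetical and the in-memory `Map` stands in for the database blacklist.

```javascript
const { createHmac, timingSafeEqual, randomUUID } = require('node:crypto');

const b64url = (v) => Buffer.from(v).toString('base64url');
const hmac = (data, secret) => createHmac('sha256', secret).update(data).digest('base64url');

// Same payload + same secret => byte-identical token (nothing random in HS256 signing).
function sign(payload, secret) {
  const body = `${b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))}.${b64url(JSON.stringify(payload))}`;
  return `${body}.${hmac(body, secret)}`;
}

// Issuing with a unique jti and an expiry makes every token distinct and revocable.
function issue(sub, secret, now, ttl = 900) {
  return sign({ sub, jti: randomUUID(), iat: now, exp: now + ttl }, secret);
}

// Revoked jti -> exp. Hypothetical in-memory stand-in for a database table.
const revoked = new Map();

// Returns the claims, or null if the token is forged, expired or revoked.
function verify(token, secret, now) {
  const [h, p, sig] = token.split('.');
  if (!h || !p || !sig) return null;
  const expected = Buffer.from(hmac(`${h}.${p}`, secret));
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  // Parsed only after the signature check, so this JSON was produced by sign().
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  if (header.alg !== 'HS256') return null;
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  if (typeof claims.exp !== 'number' || claims.exp <= now) return null;
  if (revoked.has(claims.jti)) return null;
  return claims;
}

// Logout: remember the jti only until the token would have expired anyway.
function logout(token, secret, now) {
  const claims = verify(token, secret, now);
  if (claims) revoked.set(claims.jti, claims.exp);
  return claims !== null;
}

// Expired tokens are rejected on exp alone, so their entries can be dropped.
function prune(now) {
  for (const [jti, exp] of revoked) if (exp <= now) revoked.delete(jti);
  return revoked.size;
}
```

Storing the expiry next to each `jti` keeps the blacklist bounded: an entry only needs to live as long as the token it revokes.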