tymondesigns / jwt-auth

🔐 JSON Web Token Authentication for Laravel & Lumen
https://jwt-auth.com
MIT License

Logout seems to do nothing! #2197

Closed ramtinq closed 1 year ago

ramtinq commented 1 year ago

The Auth::guard()->logout() seems to do nothing! It doesn't invalidate the token; the token can still be used in further requests. Passing true to it doesn't make a difference. How does the blacklist work? I couldn't find any documentation about it.

Can you please help me with how the user can actually be logged out as soon as he still has the token? Doesn't it require a database table or session storage to create a blacklist of tokens? Where do we define it?

ramtinq commented 1 year ago

I had to set JWT_SHOW_BLACKLIST_EXCEPTION=true in my .env file to prevent old tokens being accepted after logging out.
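
Added example, not part of the thread and not jwt-auth's own code: a generic sketch of why logout needs server-side state, where a signed token stays valid until its `exp` unless the verifier also checks a denylist keyed by `jti`. The key, claims, clock, in-memory array and the function names `issueToken`, `verifyToken` and `logout` are all constructed for illustration.

```php
<?php
// Added illustration, not jwt-auth code. Key, claims and the in-memory
// denylist are constructed; real deployments need shared storage (cache/DB).
const KEY = 'constructed-demo-key-not-for-production';

function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function issueToken(array $claims): string {
    $head = b64url(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $body = b64url(json_encode($claims));
    return "$head.$body." . b64url(hash_hmac('sha256', "$head.$body", KEY, true));
}

function verifyToken(string $jwt, array $denylist, int $now): array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) { throw new RuntimeException('malformed token'); }
    [$head, $body, $sig] = $parts;
    // The algorithm is fixed to HS256 here; the header's "alg" is never trusted.
    $expected = b64url(hash_hmac('sha256', "$head.$body", KEY, true));
    if (!hash_equals($expected, $sig)) { throw new RuntimeException('bad signature'); }
    $claims = json_decode(base64_decode(strtr($body, '-_', '+/')), true);
    if (!is_array($claims) || !isset($claims['jti'], $claims['exp'])) {
        throw new RuntimeException('missing jti or exp');
    }
    if ($claims['exp'] <= $now) { throw new RuntimeException('token expired'); }
    // Without this lookup a logged-out token passes every check above.
    if (isset($denylist[$claims['jti']])) { throw new RuntimeException('token revoked'); }
    return $claims;
}

function logout(string $jwt, array &$denylist, int $now): void {
    $claims = verifyToken($jwt, $denylist, $now);
    // Store the expiry with the jti so the entry can be purged once exp passes.
    $denylist[$claims['jti']] = $claims['exp'];
}

$denylist = [];
$now = 1700000000; // constructed clock value
$token = issueToken(['sub' => 'user-42', 'jti' => bin2hex(random_bytes(8)), 'exp' => $now + 3600]);
echo verifyToken($token, $denylist, $now)['sub'], PHP_EOL; // accepted before logout
logout($token, $denylist, $now);
try {
    verifyToken($token, $denylist, $now + 1); // same token, after logout
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```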