Invalidating JSON Web Tokens

夕颜 2020-11-22 06:17

For a new node.js project I'm working on, I'm thinking about switching over from a cookie based session approach (by this, I mean, storing an id to a key-value store conta

28 answers
  •  挽巷 (original poster)
    2020-11-22 07:02

    Keep an in-memory list like this

    user_id   revoke_tokens_issued_before
    -------------------------------------
    123       2018-07-02T15:55:33
    567       2018-07-01T12:34:21
    

    If your tokens expire in one week then clean or ignore the records older than that. Also keep only the most recent record of each user. The size of the list will depend on how long you keep your tokens and how often users revoke their tokens. Use db only when the table changes. Load the table in memory when your application starts.
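
The list described in the answer above, sketched in Node.js as an added example that is not part of the original answer. `RevocationList`, `persist`, `TOKEN_TTL_SECONDS` and the UTC reading of the sample timestamps are assumptions, and `claims` is expected to be the payload of a JWT whose signature and `exp` were already verified.

```javascript
// Added example. Assumption: tokens live one week, as in the answer's example.
const TOKEN_TTL_SECONDS = 7 * 24 * 60 * 60;

// Constructed sample rows mirroring the table above; timestamps assumed to be UTC.
const SAMPLE_ROWS = [
  { userId: '123', before: '2018-07-02T15:55:33Z' },
  { userId: '567', before: '2018-07-01T12:34:21Z' },
];

const toSeconds = (iso) => Math.floor(Date.parse(iso) / 1000);

class RevocationList {
  // persist: hypothetical callback that writes one changed row to the database.
  constructor(persist = () => {}) {
    this.cutoffs = new Map(); // user_id -> revoke_tokens_issued_before (Unix seconds)
    this.persist = persist;
  }

  // Load the table into memory when the application starts.
  load(rows) {
    for (const { userId, before } of rows) this.cutoffs.set(userId, toSeconds(before));
  }

  // Keep only the most recent record per user; touch the db only on change.
  revoke(userId, nowSeconds) {
    if (nowSeconds <= (this.cutoffs.get(userId) ?? -Infinity)) return false;
    this.cutoffs.set(userId, nowSeconds);
    this.persist(userId, nowSeconds);
    return true;
  }

  // claims: payload of a JWT whose signature and exp were already verified.
  isRevoked(claims) {
    if (!Number.isFinite(claims.iat)) return true; // no usable iat: fail closed
    const before = this.cutoffs.get(String(claims.sub));
    // iat has one-second resolution, so a token from the cutoff second is rejected too.
    return before !== undefined && claims.iat <= before;
  }

  // Drop records whose every affected token has expired anyway.
  prune(nowSeconds) {
    for (const [userId, before] of this.cutoffs) {
      if (before + TOKEN_TTL_SECONDS < nowSeconds) this.cutoffs.delete(userId);
    }
    return this.cutoffs.size;
  }
}
```

Pruning is only safe while token expiry is enforced on every request; if `exp` is not checked, a pruned record lets an old token back in.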
