Invalidating JSON Web Tokens

夕颜 2020-11-22 06:17

For a new node.js project I'm working on, I'm thinking about switching over from a cookie based session approach (by this, I mean, storing an id to a key-value store conta

28 answers
  •  半阙折子戏
    2020-11-22 07:06

    1. Give 1 day expiry time for the tokens
    2. Maintain a daily blacklist.
    3. Put the invalidated / logout tokens into the blacklist

    For token validation, check the token expiry time first and then the blacklist if the token is not expired.

    For long session needs, there should be a mechanism for extending token expiry time.
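
One way to implement the scheme in the answer above, shown as an added example that is not part of the original answer. It assumes HS256 tokens with a constructed demo secret, a `jti` claim as the blacklist key, and an in-memory `Map` as the store; all function names are hypothetical.

```javascript
const nodeCrypto = require('node:crypto');

const SECRET = 'constructed-demo-secret'; // assumption: HS256 key, constructed for the demo
const DAY = 24 * 60 * 60;                 // 1 day token lifetime, in seconds
const blacklist = new Map();              // jti -> exp (assumption: in-memory store)

const b64u = (s) => Buffer.from(s).toString('base64url');
const sign = (data) =>
  nodeCrypto.createHmac('sha256', SECRET).update(data).digest('base64url');

// Step 1: every token expires one day after issue and carries a unique id (jti).
function issueToken(sub, now) {
  const head = b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64u(JSON.stringify({ sub, jti: nodeCrypto.randomUUID(), exp: now + DAY }));
  return `${head}.${body}.${sign(`${head}.${body}`)}`;
}

// Verify the signature before trusting any claim. The algorithm is fixed to
// HS256 here; the header's "alg" value is never used to pick one.
function verifiedClaims(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const expected = Buffer.from(sign(`${parts[0]}.${parts[1]}`));
  const given = Buffer.from(parts[2]);
  if (given.length !== expected.length) return null;
  if (!nodeCrypto.timingSafeEqual(given, expected)) return null;
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString());
}

// Step 3: logout puts the token id on the blacklist until the token expires.
function logout(token, now) {
  const claims = verifiedClaims(token);
  if (claims && claims.exp > now) blacklist.set(claims.jti, claims.exp);
}

// Validation order from the answer: expiry first, then the blacklist.
function validate(token, now) {
  const claims = verifiedClaims(token);
  if (!claims) return 'invalid';
  if (claims.exp <= now) return 'expired';
  return blacklist.has(claims.jti) ? 'revoked' : 'ok';
}

// Step 2: the blacklist stays "daily" because an entry can be dropped once its
// token has expired; the expiry check rejects that token from then on.
function purge(now) {
  for (const [jti, exp] of blacklist) if (exp <= now) blacklist.delete(jti);
  return blacklist.size;
}
```

Because no entry outlives its token, the blacklist never holds more than one day of logouts.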
