node-express-boilerplate

Logout API only invalidates the refresh token, but the auth token is still valid until it expires

Open Bacce opened this issue 1 year ago • 2 comments

The logout endpoint was implemented here: https://github.com/hagopj13/node-express-boilerplate/issues/19

Bacce, Aug 24 '23 21:08

That should be an expected behavior, and hence we keep the expire time of the access token low. If your application requires a more strict logout policy, maybe you can add a memory database which can track the user logouts, and every time you check the access token you also check if the user has logged out, and if the user has logged out you can return a 401 error to the user. You will probably also need to add some more fields to the JWT token to make this work.

aliasgar55, Sep 19 '23 20:09
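
One way to build the logout tracking described in the comment above, as an added example that is not part of the thread or the project's code. It assumes the JWT is already verified upstream with its payload on a hypothetical `req.auth`, and that login writes the same hypothetical `sid` (session id) claim into both the access and the refresh token; `LogoutDenylist` and `rejectLoggedOut` are names chosen for this sketch.

```javascript
// Added example, not the project's code. Assumes the JWT signature and exp
// were verified upstream (payload on req.auth) and that login puts the same
// hypothetical `sid` (session id) claim in the access and refresh tokens.
const nowSeconds = () => Math.floor(Date.now() / 1000);

class LogoutDenylist {
  constructor() {
    this.revoked = new Map(); // sid -> time (s) after which the entry is moot
  }

  // The logout handler calls this with the sid read from the refresh token.
  // accessTtl = access token lifetime in seconds: once it has passed, every
  // access token of that session has expired by itself.
  revoke(sid, accessTtl, now = nowSeconds()) {
    this.purge(now);
    this.revoked.set(sid, now + accessTtl);
  }

  isRevoked(sid, now = nowSeconds()) {
    const until = this.revoked.get(sid);
    return until !== undefined && now < until;
  }

  // Drop stale entries so the map stays bounded by logouts per TTL window.
  purge(now = nowSeconds()) {
    for (const [sid, until] of this.revoked) {
      if (now >= until) this.revoked.delete(sid);
    }
  }
}

// Express-style middleware, mounted after the JWT has been verified.
function rejectLoggedOut(denylist) {
  return (req, res, next) => {
    const payload = req.auth;
    // Fail closed: a token without sid cannot be tied to a session.
    if (!payload || !payload.sid || denylist.isRevoked(payload.sid)) {
      return res.status(401).json({ code: 401, message: 'Please authenticate' });
    }
    return next();
  };
}
```

The map lives in one process, so a restart or a second instance behind a load balancer loses the logout state; a shared store with per-key expiry is needed there.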

I've tested the API logout but I think it is not working. I've logged in as admin and after logout I can access the /users endpoint, which is not good!! Please take a look at this bug.

Thanks. Muhammad.

imuhammadarsalan, Sep 21 '23 11:09