diff --git a/gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/AliasBasedTokenStateService.java b/gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/AliasBasedTokenStateService.java
index b5b1010f20..6d29cae1c3 100644
--- a/gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/AliasBasedTokenStateService.java
+++ b/gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/AliasBasedTokenStateService.java
@@ -104,16 +104,11 @@ public long getTokenExpiration(final String token) {
 
   @Override
   public void revokeToken(final String token) {
-    // Record the revocation by setting the expiration to -1
-    updateExpiration(token, -1L);
+    /* no reason to keep revoked tokens around */
+    removeToken(token);
     log.revokedToken(getTokenDisplayText(token));
   }
 
-  @Override
-  protected boolean isRevoked(final String token) {
-    return (getTokenExpiration(token) < 0);
-  }
-
   @Override
   protected boolean isUnknown(final String token) {
     boolean isUnknown = false;
@@ -125,6 +120,19 @@ protected boolean isUnknown(final String token) {
     return isUnknown;
   }
 
+  @Override
+  protected void removeToken(final String token) {
+    validateToken(token);
+
+    try {
+      aliasService.removeAliasForCluster(AliasService.NO_CLUSTER_NAME, token);
+      aliasService.removeAliasForCluster(AliasService.NO_CLUSTER_NAME,token + "--max");
+    } catch (AliasServiceException e) {
+      log.failedToUpdateTokenExpiration(e);
+    }
+
+  }
+
   @Override
   protected void updateExpiration(final String token, long expiration) {
     if (isUnknown(token)) {
diff --git a/gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/DefaultTokenStateService.java b/gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/DefaultTokenStateService.java
index 77ab5a47b5..e15815486c 100644
--- a/gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/DefaultTokenStateService.java
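Review bot: In the new removeToken override, an AliasServiceException from removeAliasForCluster is caught and only logged, so a failed alias removal leaves the token's stored state (and therefore its validity) untouched while revokeToken in the earlier hunk of this file still logs `revokedToken` as if the revocation had taken effect. The failure should be surfaced to the caller, e.g. `throw new IllegalStateException("Failed to remove token state", e);` after the log call, and logged with a removal-specific message rather than the reused `failedToUpdateTokenExpiration`. Also, if the first removeAliasForCluster call throws, the `--max` alias is never attempted, so an orphaned entry (presumably the max-lifetime record) is left behind; removing both aliases independently or handling each failure separately would avoid that. Minor style: the missing space after the comma in `AliasService.NO_CLUSTER_NAME,token` and the stray blank line before the closing brace.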
+++ b/gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/DefaultTokenStateService.java
@@ -23,10 +23,8 @@ import org.apache.knox.gateway.services.security.token.impl.JWTToken;
 
 import java.util.HashMap;
-import java.util.HashSet;
 import java.util.Locale;
 import java.util.Map;
-import java.util.Set;
 
 /**
  * In-Memory authentication token state management implementation.
@@ -43,8 +41,6 @@ public class DefaultTokenStateService implements TokenStateService {
 
   private final Map tokenExpirations = new HashMap<>();
 
-  private final Set revokedTokens = new HashSet<>();
-
   private final Map maxTokenLifetimes = new HashMap<>();
 
@@ -159,8 +155,8 @@ public void revokeToken(final JWTToken token) {
 
   @Override
   public void revokeToken(final String token) {
-    validateToken(token);
-    revokedTokens.add(token);
+    /* no reason to keep revoked tokens around */
+    removeToken(token);
     log.revokedToken(getTokenDisplayText(token));
   }
 
@@ -172,13 +168,11 @@ public boolean isExpired(final JWTToken token) {
 
   @Override
   public boolean isExpired(final String token) {
     boolean isExpired;
-
-    isExpired = isRevoked(token); // Check if it has been revoked first
+    isExpired = isUnknown(token); // Check if the token exist
     if (!isExpired) {
-      // If it has not been revoked, check its expiration
+      // If it not unknown, check its expiration
       isExpired = (getTokenExpiration(token) <= System.currentTimeMillis());
     }
-
     return isExpired;
   }
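Review bot: The isExpired hunk changes the contract so that a token with no recorded state is now reported as expired, and since revocation is now implemented as removal this is the only place revocation is still enforced; that deserves a Javadoc on isExpired rather than the two terse inline comments, which also have grammar slips ("Check if the token exist", "If it not unknown"). I would replace them with `// Unknown tokens (including revoked ones, whose state has been removed) are treated as expired` and `// Otherwise, compare the recorded expiration with the current time`. Note also that isUnknown and getTokenExpiration are two separate lookups, so a removeToken running between them could make getTokenExpiration see a missing entry; whether that fails closed depends on getTokenExpiration, which is not in this hunk, so worth confirming.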
@@ -208,6 +202,16 @@ protected void updateExpiration(final String token, long expiration) {
     }
   }
 
+  protected void removeToken(final String token) {
+    validateToken(token);
+    synchronized (tokenExpirations) {
+      tokenExpirations.remove(token);
+    }
+    synchronized (maxTokenLifetimes) {
+      maxTokenLifetimes.remove(token);
+    }
+  }
+
   protected boolean hasRemainingRenewals(final String token, long renewInterval) {
     // Is the current time + 30-second buffer + the renewal interval is less than the max lifetime for the token?
     return ((System.currentTimeMillis() + 30000 + renewInterval) < getMaxLifetime(token));
@@ -221,10 +225,6 @@ protected long getMaxLifetime(final String token) {
     return result;
   }
 
-  protected boolean isRevoked(final String token) {
-    return revokedTokens.contains(token);
-  }
-
   protected boolean isValidIdentifier(final String token) {
     return token != null && !token.isEmpty();
   }
@@ -258,11 +258,6 @@ protected void validateToken(final String token, boolean includeRevocation) thro
       log.unknownToken(getTokenDisplayText(token));
       throw new IllegalArgumentException("Unknown token");
     }
-
-    // Then, make sure it has not been revoked
-    if (includeRevocation && isRevoked(token)) {
-      throw new IllegalArgumentException("The specified token has been revoked");
-    }
   }
 
   protected String getTokenDisplayText(final String token) {
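Review bot: After the last hunk removes the revocation check, the `includeRevocation` parameter of validateToken (its signature is on the hunk heading, outside the hunk) is no longer read anywhere visible, so callers passing `true` get a weaker check than the name promises; either drop the parameter (or mark it `@Deprecated`) or state in its Javadoc that revocation is now expressed as removal of the token's state and is covered by the unknown-token check above. The new removeToken in the first hunk also lacks documentation; something like `/** Removes all recorded state for {@code token}; afterwards it is reported as unknown and therefore expired. */` with an `@throws IllegalArgumentException` line for the validateToken failure, assuming the one-argument validateToken delegates to the overload shown in the last hunk. The two synchronized blocks release the lock between the maps, so a concurrent reader can briefly see an expiration entry with no max-lifetime entry; probably harmless, but worth a one-line comment if that is intended.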