Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.Sign up
Ability to invalidate old token/session when user login with another machine. #267
I'm new to feathers. I already implement local and jwt authentication.
but when I go to login on another machine. the old logged in session on the old machine still valid.
I would like to know, Is there any setting or work around to invalidate old token or old user session to make old session or token not usable anymore.
Yup. Duplicate of #133. If you want to revoke tokens, you need to maintain a blacklist or whitelist. This is left up to you. Generally, JWT assumes that since tokens are unique and should be securely stored that if they user discards it, then it will eventually be no longer valid.
Tokens are only good for a day but you can configure their TTL as well if you want.