Invalidating JSON Web Tokens
I too have been researching this question, and while none of the ideas below are complete solutions, they might help others rule out ideas, or provide further ones. 1) Simply remove the token from the client Obviously this does nothing for server side security, but it does stop an attacker by removing the token from … Read more