如何在注销时销毁JWT令牌? [英] How to destroy JWT Tokens on logout?

问题描述

我在hapijs中使用jwt插件和策略.

I am using jwt plugin and strategy in hapijs.

我能够在登录用户时创建jwt令牌，并通过'jwt'策略使用相同的令牌对其他API进行身份验证.

I am able to create jwt token while login user and authenticate other API using the same token through 'jwt' strategy.

我将request.state.USER_SESSION中的令牌设置为cookie，其中USER_SESSION是令牌名称.另外，我没有将这些令牌保存在数据库中.

I am setting the token in request.state.USER_SESSION as a cookie where USER_SESSION is a token name. Also, I am not saving these token in the database.

但是注销时如何销毁jwt令牌?

But how can I destroy jwt token at the time of logout?

请提出一种方法.

推荐答案

JWT存储在浏览器中，因此删除令牌即可删除客户端的cookie

The JWT is stored on browser, so remove the token deleting the cookie at client side

如果您还需要在服务器端使令牌失效之前使令牌无效，例如帐户被删除/阻止/挂起，密码已更改，权限已更改，用户被管理员注销，请查看

If you need also to invalidate the token from server side before its expiration time, for example account deleted/blocked/suspended, password changed, permissions changed, user logged out by admin, take a look at Invalidating JSON Web Tokens for some commons techniques like creating a blacklist or rotating tokens

这篇关于如何在注销时销毁JWT令牌?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！