How to destroy JWT Tokens on logout?
Problem description
I am using jwt plugin and strategy in hapijs.
I am able to create a JWT token when logging in a user and authenticate other APIs using the same token through the 'jwt' strategy.
I am setting the token in request.state.USER_SESSION as a cookie, where USER_SESSION is the token name. Also, I am not saving these tokens in the database.
But how can I destroy the JWT token at the time of logout?
Please suggest a way.
Recommended answer
The JWT is stored in the browser, so remove the token by deleting the cookie on the client side.
If you also need to invalidate the token from the server side before its expiration time, for example account deleted/blocked/suspended, password changed, permissions changed, user logged out by admin, take a look at Invalidating JSON Web Tokens for some common techniques like creating a blacklist or rotating tokens.
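A minimal sketch of the blacklist technique the answer mentions, added here as an example and not taken from the original answer or from any hapi plugin. It assumes HS256 tokens carrying `jti` and `exp` claims; the secret, the function names (`issue`, `verify`, `logout`, `authenticate`) and the in-memory `revoked` map are constructed for illustration.

```javascript
const crypto = require('node:crypto');

const SECRET = 'constructed-demo-secret'; // constructed value; load from config in practice
const b64u = (s) => Buffer.from(s).toString('base64url');
const mac = (data) => crypto.createHmac('sha256', SECRET).update(data).digest('base64url');
const nowSec = () => Math.floor(Date.now() / 1000);

// Issue a token with a unique jti so a single session can be revoked on its own.
function issue(sub, ttlSeconds, now = nowSec()) {
  const head = b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64u(JSON.stringify({ sub, jti: crypto.randomUUID(), exp: now + ttlSeconds }));
  return `${head}.${body}.${mac(`${head}.${body}`)}`;
}

// Return the claims when signature and expiry are valid, otherwise null.
// The algorithm is fixed to HMAC-SHA256; the header's alg field is never trusted.
function verify(token, now = nowSec()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const expected = Buffer.from(mac(`${parts[0]}.${parts[1]}`));
  const given = Buffer.from(parts[2]);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  let claims;
  try {
    claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
  } catch {
    return null;
  }
  return typeof claims.exp === 'number' && claims.exp > now ? claims : null;
}

// jti -> exp. In-memory for the demo; use a store shared by all server instances.
const revoked = new Map();

// Server-side logout: remember the jti only until the token would expire anyway.
function logout(token, now = nowSec()) {
  const claims = verify(token, now);
  if (claims) revoked.set(claims.jti, claims.exp);
  return Boolean(claims);
}

// Validation used on every request: valid signature, not expired, not revoked.
function authenticate(token, now = nowSec()) {
  for (const [jti, exp] of revoked) if (exp <= now) revoked.delete(jti); // prune expired
  const claims = verify(token, now);
  return claims && !revoked.has(claims.jti) ? claims : null;
}
```

In a hapi logout handler, call `logout()` with the cookie value and also clear the cookie on the response (for example with `h.unstate('USER_SESSION')`), so both the client copy and any stolen copy stop working.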