TIL
I am currently developing an app as a project and working on the backend.
I am using JWT tokens.
You should either let a token be active until it is expired by itself, or opt to use a storage for logged-out tokens if you want to restrict the usage of a token when a user logs out. To sum it all up, simply follow these 4 bullet points:
1. Set a reasonable expiration time on tokens
2. Delete the stored token from the client side upon log out
3. Have a DB of no longer active tokens that still have some time to live
4. Query the provided token against the blacklist on every authorized request
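The four steps above put together, as an added example (this is not code from the original note or from the linked blog): a stdlib-only HS256 JWT issuer and verifier with an in-memory denylist of logged-out tokens that is pruned once each entry's `exp` has passed, so the store never grows beyond the tokens that could still be replayed. The secret, the 15-minute lifetime, and the `jti`/`sub`/`exp` claim names are assumptions; a real service would put the denylist in a shared store such as Redis with a per-key TTL instead of a process-local dict.

```python
import base64
import hashlib
import hmac
import json
import time
import uuid
from typing import Optional

# Assumptions for this demo: a hard-coded HS256 secret and a 15-minute lifetime.
SECRET = b"demo-secret-change-me"   # in practice: load from env / KMS
TOKEN_TTL_SECONDS = 15 * 60         # bullet 1: keep tokens short-lived


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _encode_segment(obj: dict) -> str:
    return _b64url(json.dumps(obj, separators=(",", ":")).encode())


def issue_token(sub: str, now: Optional[float] = None) -> str:
    """Mint an HS256 JWT; the random `jti` lets this one token be revoked alone."""
    now = time.time() if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": sub, "jti": uuid.uuid4().hex,
               "iat": int(now), "exp": int(now) + TOKEN_TTL_SECONDS}
    signing_input = f"{_encode_segment(header)}.{_encode_segment(payload)}"
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


class Denylist:
    """Bullet 3: jti -> exp of logged-out tokens; entries are dropped once expired."""

    def __init__(self) -> None:
        self._revoked: dict = {}

    def revoke(self, jti: str, exp: int) -> None:
        self._revoked[jti] = exp

    def prune(self, now: float) -> None:
        self._revoked = {j: e for j, e in self._revoked.items() if e > now}

    def is_revoked(self, jti: str, now: float) -> bool:
        self.prune(now)
        return jti in self._revoked

    def __len__(self) -> int:
        return len(self._revoked)


def verify_token(token: str, denylist: Denylist,
                 now: Optional[float] = None) -> Optional[dict]:
    """Bullet 4: check signature, then exp, then the denylist. None means reject."""
    now = time.time() if now is None else now
    try:
        h_b64, p_b64, s_b64 = token.split(".")
        header = json.loads(_b64url_decode(h_b64))
        signature = _b64url_decode(s_b64)
        claims = json.loads(_b64url_decode(p_b64))
    except ValueError:                  # bad segment count, base64, UTF-8 or JSON
        return None
    if header.get("alg") != "HS256":    # pin the algorithm; never honour alg=none
        return None
    expected = hmac.new(SECRET, f"{h_b64}.{p_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        return None
    if not isinstance(claims, dict) or claims.get("exp", 0) <= now:
        return None
    if denylist.is_revoked(str(claims.get("jti", "")), now):
        return None
    return claims


def logout(token: str, denylist: Denylist, now: Optional[float] = None) -> bool:
    """Bullets 2+3: client discards the token; server denylists its jti until exp."""
    claims = verify_token(token, denylist, now)
    if claims is None:
        return False
    denylist.revoke(claims["jti"], claims["exp"])
    return True


def demo() -> dict:
    """Walk through the lifecycle with a fixed clock so the results are repeatable."""
    dl = Denylist()
    t0 = 1_700_000_000.0
    tok = issue_token("alice", now=t0)
    h, _, s = tok.split(".")
    forged_payload = _encode_segment({"sub": "admin", "jti": "x", "exp": int(t0) + 3600})
    out = {
        "fresh_ok": verify_token(tok, dl, now=t0) is not None,
        "forged_ok": verify_token(f"{h}.{forged_payload}.{s}", dl, now=t0) is not None,
        "logged_out": logout(tok, dl, now=t0 + 1),
        "after_logout_ok": verify_token(tok, dl, now=t0 + 2) is not None,
        "denylist_before_exp": len(dl),
    }
    dl.prune(t0 + TOKEN_TTL_SECONDS + 1)   # once exp has passed the entry is useless anyway
    out["denylist_after_exp"] = len(dl)
    out["expired_ok"] = verify_token(tok, Denylist(), now=t0 + TOKEN_TTL_SECONDS) is not None
    return out


if __name__ == "__main__":
    print(demo())
```

The denylist is consulted only after the signature and `exp` checks pass, so attackers cannot cause lookups with unsigned junk, and the prune on every lookup keeps the store bounded by the number of tokens revoked within the last `TOKEN_TTL_SECONDS`. Pinning `alg` to `HS256` before verifying matters because a verifier that trusts the header's `alg` can be tricked with `alg=none` or key-confusion tokens.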
Reference blog: https://dev.to/_arpy/how-to-log-out-when-using-jwt-4ajm