
When it comes to authentication for web services, JWT offers a simple but effective method. But it also comes with some downsides. Because the tokens are stored on the client, the server normally has no clue how many tokens are in use. Once a user changes his password or wants to manually invalidate all sessions, this seems to exceed JWT’s capabilities. I have found five ways to keep track of all sessions, or at least to be able to invalidate all sessions in an uncomplicated way.

1. Different IDs

This method is the easiest one to think of I…

Michael Bruns
