I use JWT to authenticate a user on my API server. I use the /account endpoint to verify the JWT. If the user is logged out because the session has expired, the JWT is still valid and I still get a successful response when I call /account with the user's JWT. Shouldn't the JWT become invalid when the user is logged out, or am I using it incorrectly?
TL;DR
The JWT stays valid after the session ends because a JWT is self-contained: the API checks its signature and `exp` claim, not any server-side session state, so /account will keep accepting the token until `exp` passes. To make logout and session expiry actually invalidate the token, align the token's `exp` with the session lifetime and implement token revocation on logout, rejecting revoked tokens (for example by their `jti` claim) on every authenticated call, including /account.
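The following is an added example, not code from the original question or answer, showing the revocation approach end to end: an HS256 JWT with `exp` and a unique `jti`, a server-side denylist consulted during verification, a logout handler that revokes the presented token, and a simplified `/account` handler that returns 401 once the token is revoked or expired. The secret, the token lifetime and the `now` timestamps are constructed for the demo; the in-memory `RevocationStore` stands in for a shared store such as Redis keyed by `jti` with a TTL equal to the token's remaining lifetime.

```python
import base64
import hashlib
import hmac
import json
import time
import uuid
from typing import Optional

# Constructed demo secret; a real deployment loads it from a secret store.
SECRET = b"demo-secret-not-for-production"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_token(sub: str, ttl_seconds: int, now: Optional[int] = None) -> str:
    """Mint an HS256 JWT carrying exp and a unique jti so it can be revoked individually."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": sub, "iat": now, "exp": now + ttl_seconds, "jti": uuid.uuid4().hex}
    h = _b64url(json.dumps(header, separators=(",", ":")).encode())
    p = _b64url(json.dumps(payload, separators=(",", ":")).encode())
    sig = hmac.new(SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
    return f"{h}.{p}.{_b64url(sig)}"


class RevocationStore:
    """Server-side denylist of revoked jti values, kept only until each token's own exp."""

    def __init__(self) -> None:
        self._revoked: dict = {}  # jti -> exp

    def revoke(self, jti: str, exp: int) -> None:
        self._revoked[jti] = exp

    def is_revoked(self, jti: str, now: int) -> bool:
        # Entries for tokens past exp are dropped: they fail the exp check anyway,
        # so the denylist never grows beyond the number of live revoked tokens.
        for j, exp in list(self._revoked.items()):
            if exp <= now:
                del self._revoked[j]
        return jti in self._revoked


def verify_token(token: str, store: RevocationStore, now: Optional[int] = None) -> Optional[dict]:
    """Return the payload if algorithm, signature, exp and revocation checks all pass, else None."""
    now = int(time.time()) if now is None else now
    try:
        h, p, s = token.split(".")
        header = json.loads(_b64url_decode(h))
        if header.get("alg") != "HS256":  # never trust the token's alg; pin the expected one
            return None
        expected = hmac.new(SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(s)):
            return None
        payload = json.loads(_b64url_decode(p))
    except (ValueError, UnicodeDecodeError):
        return None
    if not isinstance(payload, dict) or int(payload.get("exp", 0)) <= now:
        return None
    if store.is_revoked(str(payload.get("jti", "")), now):
        return None
    return payload


def logout(token: str, store: RevocationStore, now: Optional[int] = None) -> bool:
    """Logout handler: revoke the presented token's jti until its exp. Returns False if the token was already invalid."""
    payload = verify_token(token, store, now)
    if payload is None:
        return False
    store.revoke(payload["jti"], int(payload["exp"]))
    return True


def account_endpoint(token: str, store: RevocationStore, now: Optional[int] = None) -> int:
    """Simplified /account handler: 200 for a valid, unrevoked token, otherwise 401."""
    return 200 if verify_token(token, store, now) is not None else 401


if __name__ == "__main__":
    store = RevocationStore()
    tok = issue_token("alice", ttl_seconds=3600, now=1_000_000)
    print("before logout:", account_endpoint(tok, store, now=1_000_010))
    logout(tok, store, now=1_000_020)
    print("after logout: ", account_endpoint(tok, store, now=1_000_030))
```

Every authenticated endpoint must go through `verify_token`, including `/account`; a revocation list that only the logout handler consults changes nothing. Because the denylist is bounded by the token lifetime, keeping `exp` short also keeps the store small.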