How to expire all token when user logout JWT

behavior
help

#1

Hi I am using ADmad/cakephp-jwt-auth Plugin. I want to expire user token when user logout can any one please guide me.


#2

hi,

did you got solution?


#3

Me two i have issue on this. please help


#4

That’s not how standard JWT works. A typical JWT token includes the username and an expiry time; there’s no session details included. To invalidate them on logout would mean adding session information. From the documentation, it appears that this could be possible:

You can set the queryDatasource option to false to directly return the token’s payload as user info without querying datasource for matching user record.

But you’d presumably have to do some custom coding to check the resulting payload info against your sessions table.