by _puk 3383 days ago
The none issue was highlighted by Tim McLean 2 years ago [0] and comes up in any trivial search about JWT. Surprised that anyone who chooses to use JWT is still getting caught by it as, as you say, any half-decent library mitigates this.

For me, the log out / cross device session management issue seems to force a pattern of short expiry with self refreshing tokens. Commonly used devices feel always logged in, whereas uncommonly used devices end up needing a fresh log in each time.

0: https://www.chosenplaintext.ca/2015/03/31/jwt-algorithm-conf...