by bearjaws 2788 days ago
We tie our users' session in the JWT to the session in a central database; this allows us to invalidate individual sessions.

The reason for using JWT is that the UI and backend consume the same session object seamlessly. Before, what we got in our PHP session and what state we shared with the UI were manually kept in sync through an API request.
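A sketch of the pattern described in the comment above, added here as an illustration and not the commenter's code: the JWT carries a session id that is checked against a central store on every request, so one session can be invalidated before the token expires. The `sid` claim name, HS256 signing and the in-memory `SESSIONS` dict (standing in for the central database) are assumptions.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = secrets.token_bytes(32)   # assumed HS256 signing key
SESSIONS = {}                      # stand-in for the central session table: sid -> row

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> str:
    return _b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def login(user: str, ttl: int = 900) -> str:
    """Create a server-side session row and return a JWT that references it."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "revoked": False}
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = _b64(json.dumps({"sub": user, "sid": sid,
                              "exp": int(time.time()) + ttl}).encode())
    return f"{header}.{claims}.{_sign(header + '.' + claims)}"

def verify(token: str):
    """Return the claims only if signature, expiry and the central session all check out."""
    try:
        header, claims, sig = token.split(".")
        # Signature first: nothing in the token is trusted before this passes.
        if not hmac.compare_digest(sig, _sign(f"{header}.{claims}")):
            return None
        if json.loads(_unb64(header)).get("alg") != "HS256":
            return None
        payload = json.loads(_unb64(claims))
        if payload["exp"] <= time.time():
            return None
        # The stateful step: a valid, unexpired token is still rejected
        # when its session row is missing, revoked, or owned by someone else.
        row = SESSIONS.get(payload["sid"])
        if row is None or row["revoked"] or row["user"] != payload["sub"]:
            return None
        return payload
    except (ValueError, TypeError, KeyError, AttributeError):
        return None  # malformed token

def revoke(sid: str) -> None:
    """Invalidate one session; the user's other sessions keep working."""
    if sid in SESSIONS:
        SESSIONS[sid]["revoked"] = True
```

The cost of this design is one store lookup per request, which is what buys per-session revocation.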


> session object

What fields are in this session object besides an identifier?