by Graffur 1923 days ago
Can users log out? What happens if a user's token is stolen? Can it be invalidated?
1 comments

Yes, they can log out.

Sadly, JWTs can be stolen, because my app stores them in local storage. It's a portfolio project, so I didn't use safer methods like cookies.

So then logging out just logs them out in their own client?

edit: fair enough if it's a portfolio project. I didn't see that here or on the site itself.