by numbsafari
1810 days ago
This is solved with a revocation list, which only needs to contain the tokens issued within the last ~5-10m for which there is a reason for revocation. Add to that a revocation list for access tokens, which are typically 24h. The sum of both lists is vastly smaller and easier to manage than distributing session state and maintaining it server side for every single user.
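A sketch of the bounded revocation list the comment describes, added here as an example and not part of the original comment: each entry is dropped once the token it names would have expired anyway, so the list never grows beyond the tokens revoked within one token lifetime. The `jti`/`exp` claim names, the in-memory store and the sample lifetimes are assumptions made for illustration.

```python
import heapq
import time

class RevocationList:
    """Denylist of revoked token IDs; an entry lives only until the token's own expiry."""
    def __init__(self, clock=time.time):
        self._clock = clock
        self._expiry = {}   # token id (assumed "jti" claim) -> expiry, epoch seconds
        self._heap = []     # (expiry, jti) min-heap so pruning is cheap

    def revoke(self, jti, token_exp):
        # An already-expired token fails the normal expiry check; no entry needed.
        if token_exp <= self._clock():
            return
        if jti not in self._expiry:
            self._expiry[jti] = token_exp
            heapq.heappush(self._heap, (token_exp, jti))

    def _prune(self):
        now = self._clock()
        while self._heap and self._heap[0][0] <= now:
            _, jti = heapq.heappop(self._heap)
            self._expiry.pop(jti, None)

    def is_revoked(self, jti):
        self._prune()
        return jti in self._expiry

    def __len__(self):
        self._prune()
        return len(self._expiry)

def accept(claims, revoked, now):
    """Stateless validation: expiry first, then the revocation list."""
    return claims["exp"] > now and not revoked.is_revoked(claims["jti"])

def demo():
    t = [1_000_000.0]                             # constructed fake clock
    rl = RevocationList(clock=lambda: t[0])
    short = {"jti": "a1", "exp": t[0] + 600}      # constructed: 10-minute token
    longer = {"jti": "b2", "exp": t[0] + 86400}   # constructed: 24-hour token
    other = {"jti": "c3", "exp": t[0] + 600}      # constructed: never revoked
    rl.revoke(short["jti"], short["exp"])
    rl.revoke(longer["jti"], longer["exp"])
    before = (accept(short, rl, t[0]), accept(other, rl, t[0]), len(rl))
    t[0] += 601                                   # short token has expired
    after_10m = (accept(short, rl, t[0]), accept(longer, rl, t[0]), len(rl))
    t[0] += 86400                                 # every token has expired
    return before, after_10m, len(rl)
```

In a multi-server deployment the same structure would have to be replicated to every validator; that distribution step is outside this sketch.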