by inshadows 1808 days ago
Set counter = 0 in DB. Put it into JWT. Increment the counter in DB to revoke the user. Compare counter in JWT < counter in DB. What's the problem?

then you're hitting the db on every request just to do auth.

if you _had_ to do that, I would put the counter into something like redis instead.

Don't you need to hit the DB anyway to fetch authorization data like user role? Clearly you aren't going to store it in JWT or you face the issue with invalidation. But fine, cache it in Redis. Problem solved.

10 timeout to reply. o_O
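The counter scheme discussed in this thread, with the cached lookup suggested in the replies, as an added example that is not code from any of the posters. The dicts stand in for the DB and for Redis, and every name here (`issue`, `verify`, `revoke`, the `ver` claim, the key and the TTL) is an assumption made for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"   # constructed value, not from the thread
DB = {"alice": 0}                  # stands in for the DB column holding the counter
CACHE = {}                         # stands in for Redis: user -> (counter, expiry)
CACHE_TTL = 30                     # seconds; assumed value
STATS = {"db_reads": 0}            # counts DB hits so the cache effect is visible

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=")

def _unb64(data):
    return base64.urlsafe_b64decode(data + b"=" * (-len(data) % 4))

def issue(user):
    """Sign an HS256 JWT that carries the user's current counter as 'ver'."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"sub": user, "ver": DB[user]}).encode())
    sig = _b64(hmac.new(SECRET, header + b"." + body, hashlib.sha256).digest())
    return b".".join([header, body, sig]).decode()

def current_counter(user, now=None):
    """Read the counter through the cache, falling back to the DB on a miss."""
    now = time.time() if now is None else now
    hit = CACHE.get(user)
    if hit and hit[1] > now:
        return hit[0]
    STATS["db_reads"] += 1
    CACHE[user] = (DB[user], now + CACHE_TTL)
    return DB[user]

def revoke(user):
    """Increment the counter and drop the cached copy so revocation is immediate."""
    DB[user] += 1
    CACHE.pop(user, None)

def verify(token, now=None):
    """Return the claims if the signature is valid and the token is not revoked."""
    try:
        header, body, sig = token.encode().split(b".")
        expected = _b64(hmac.new(SECRET, header + b"." + body, hashlib.sha256).digest())
        if not hmac.compare_digest(sig, expected):
            return None
        claims = json.loads(_unb64(body))
        if claims["ver"] < current_counter(claims["sub"], now):
            return None   # counter in JWT < counter in DB: token was revoked
        return claims
    except (ValueError, KeyError, TypeError):
        return None
```

If `revoke` did not drop the cached entry, a revoked token would keep verifying until the cached counter expired, so the TTL bounds the revocation delay in that variant.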