|
|
|
|
|
|
by cogman10
1362 days ago
|
|
|
> If the truth behind those claims changes in the mean time, you have to be able to invalidate the token, or accept the fact that it serves stale information. Isn't that obvious? I mean, if we were talking about sessions and you put in the session set information that can change outside the session, wouldn't the same problem exist? I just don't see this as a fundamentally unique problem for JWTs. |
|
|