by parker_mountain
1349 days ago
> sign out/session invalidation

I wrote it up in another comment, but basically: if you're using JWTs, and you have lots of services calling each other in a request (as you might with microservices), it's entirely appropriate to have a session check ("remote introspection") when you access sensitive information, such as PII. And, maybe, at the edge layer as well.
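The pattern described in the comment above, as an added example that is not part of the original comment: a service verifies the JWT locally on ordinary calls and adds a session check only on sensitive ones, so a sign-out takes effect there before the token expires. The `sid` claim, the function names, the demo key and the in-memory set standing in for the remote introspection endpoint are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time
KEY = b"constructed-demo-key"      # constructed signing key, demo only
ACTIVE_SESSIONS = {"sess-1"}       # assumption: stands in for the auth service's session store

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue(sub: str, sid: str, ttl: int = 900) -> str:
    """Mint an HS256 JWT that carries a session id (sid) claim."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"sub": sub, "sid": sid, "exp": int(time.time()) + ttl}).encode())
    sig = hmac.new(KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64(sig)}"

def verify_local(token: str) -> dict:
    """Stateless check: signature and expiry only, no network call."""
    try:
        header, body, sig = token.split(".")
        expected = hmac.new(KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):
            raise PermissionError("bad signature")
        claims = json.loads(_unb64(body))
    except ValueError as exc:      # wrong segment count, bad base64, bad JSON
        raise PermissionError("malformed token") from exc
    if claims.get("exp", 0) <= time.time():
        raise PermissionError("expired")
    return claims

def introspect(claims: dict) -> bool:
    """Stand-in for the remote introspection call to the session authority."""
    return claims.get("sid") in ACTIVE_SESSIONS

def authorize(token: str, sensitive: bool) -> dict:
    """Local check on every call; add the session check for sensitive data."""
    claims = verify_local(token)
    if sensitive and not introspect(claims):
        raise PermissionError("session revoked")
    return claims

def demo():
    token = issue("alice", "sess-1")
    authorize(token, sensitive=True)           # live session: PII access allowed
    ACTIVE_SESSIONS.discard("sess-1")          # user signs out
    try:
        authorize(token, sensitive=True)       # PII path now refuses the token
    except PermissionError as exc:
        # the stateless path still accepts the same unexpired token
        return authorize(token, sensitive=False)["sub"], str(exc)
    return None
```
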