I'm using Laravel 5.2 and tymondesigns/jwt-auth.
Is it possible to blacklist the old token if the user logs in again without logging out? I'm curious about the security of old tokens.
Any suggestion on how to improve the "always logged in" on mobile devices as I am currently using Laravel as the API?
My current configuration is: ttl = 1 hour & refresh_ttl = 2 weeks
Actually, @Jeff's answer may solve the problem. I need to use the jwt.refresh middleware.
My JWT blacklist was not working because I was using array as the CACHE_DRIVER.
I have tested reverting it back to file as the CACHE_DRIVER, and jwt.refresh works; the old token is blacklisted as it should be.
I'm marking this as the answer. Thank you, Jeff.
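Why the array driver defeats the blacklist, as an added example that is not part of the original post and is not jwt-auth's own code: Laravel's array cache driver keeps entries only in memory for the current request, so a blacklist entry written during the refresh is gone by the time the old token is presented again. The interface, class and function names and the jti value are hypothetical.

```php
<?php
// Added illustration; names are hypothetical and do not mirror jwt-auth's API.
interface BlacklistStore {
    public function add(string $jti, int $expiresAt): void;
    public function has(string $jti): bool;
}

// Models CACHE_DRIVER=array: entries live only in this object's memory.
final class ArrayStore implements BlacklistStore {
    private $items = [];
    public function add(string $jti, int $expiresAt): void { $this->items[$jti] = $expiresAt; }
    public function has(string $jti): bool {
        return isset($this->items[$jti]) && $this->items[$jti] > time();
    }
}

// Models CACHE_DRIVER=file: entries are written to disk and outlive the request.
final class FileStore implements BlacklistStore {
    private $path;
    public function __construct(string $path) { $this->path = $path; }
    private function load(): array {
        if (!is_file($this->path)) { return []; }
        return json_decode(file_get_contents($this->path), true) ?: [];
    }
    public function add(string $jti, int $expiresAt): void {
        $items = $this->load();
        $items[$jti] = $expiresAt;
        file_put_contents($this->path, json_encode($items), LOCK_EX);
    }
    public function has(string $jti): bool {
        $items = $this->load();
        return isset($items[$jti]) && $items[$jti] > time();
    }
}

// Each HTTP request starts with fresh in-memory state, modelled here by
// building a new store object per request via $makeStore.
function oldTokenIsRejected(callable $makeStore): bool {
    $oldJti = 'constructed-jti-123';            // constructed sample token id
    $makeStore()->add($oldJti, time() + 3600);  // request 1: refresh, blacklist old jti
    return $makeStore()->has($oldJti);          // request 2: old token presented again
}

$file = sys_get_temp_dir() . '/jwt_blacklist_demo.json';
@unlink($file);
echo 'array store rejects old token: ';
var_dump(oldTokenIsRejected(function () { return new ArrayStore(); }));
echo 'file store rejects old token: ';
var_dump(oldTokenIsRejected(function () use ($file) { return new FileStore($file); }));
@unlink($file);
```

Any persistent driver gives the second behaviour; the blacklist only needs its entries to survive for as long as the old token could still be accepted.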