php laravel laravel-5 jwt

Blacklist old token on reauthenticate with Laravel JWT


I'm using Laravel 5.2 and tymondesigns/jwt-auth.

Is it possible to blacklist the old token if the user logs in again without logging out? I'm curious about the security of old tokens.

Any suggestion on how to improve the "always logged in" on mobile devices as I am currently using Laravel as the API?

My current configuration is: ttl = 1 hour & refresh_ttl = 2 weeks


Solution

  • Actually, @Jeff's answer may solve the problem. I need to use the jwt.refresh middleware.

    My JWT blacklist was not working because I'm using array as the CACHE_DRIVER.

    I have tested reverting it back to file as the CACHE_DRIVER and jwt.refresh works; the old token is blacklisted as it should be.

    I'm marking this as the answer. Thank you, Jeff.
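
The cache-driver failure described in the answer above, as an added example that is not part of the original post and is not jwt-auth's own code: Laravel's array cache driver keeps entries in memory for the current PHP process only, so a blacklist entry written while handling one request is gone when the old token is presented on the next. All class and function names and the token id are hypothetical, and the sketch assumes PHP 8.

```php
<?php
// Added illustration, not tymondesigns/jwt-auth code. All class and function
// names are hypothetical; the token id (jti) is a constructed sample value.

interface BlacklistStore {
    public function add(string $jti, int $expiresAt): void;
    public function has(string $jti): bool;
}

// Behaves like CACHE_DRIVER=array: entries live only in this object's memory.
final class ArrayStore implements BlacklistStore {
    private array $items = [];
    public function add(string $jti, int $expiresAt): void { $this->items[$jti] = $expiresAt; }
    public function has(string $jti): bool {
        return isset($this->items[$jti]) && $this->items[$jti] > time();
    }
}

// Behaves like CACHE_DRIVER=file: entries are written to disk and re-read.
final class FileStore implements BlacklistStore {
    public function __construct(private string $path) {}
    private function load(): array {
        if (!is_file($this->path)) { return []; }
        return json_decode(file_get_contents($this->path), true) ?: [];
    }
    public function add(string $jti, int $expiresAt): void {
        $items = $this->load();
        $items[$jti] = $expiresAt;
        file_put_contents($this->path, json_encode($items), LOCK_EX);
    }
    public function has(string $jti): bool {
        $items = $this->load();
        return isset($items[$jti]) && $items[$jti] > time();
    }
}

// Every request builds its store from scratch, as a fresh PHP worker would.
function oldTokenRejectedOnNextRequest(callable $makeStore): bool {
    $oldJti = 'jti-old-0001';                          // constructed sample id
    $expiry = time() + 14 * 24 * 3600;                 // sample expiry: refresh_ttl of 2 weeks
    $makeStore()->add($oldJti, $expiry);               // request 1: refresh blacklists the old token
    return $makeStore()->has($oldJti);                 // request 2: the old token is presented again
}

$file = tempnam(sys_get_temp_dir(), 'jwtbl');
var_dump(oldTokenRejectedOnNextRequest(fn () => new ArrayStore()));     // array-style store
var_dump(oldTokenRejectedOnNextRequest(fn () => new FileStore($file))); // file-style store
unlink($file);
```

The same reasoning applies to any blacklist backend: it has to be shared by every worker that validates tokens and has to survive at least as long as the tokens it revokes.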